Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 109080

[Warning] Beware of the python source codes being posted here

by Nero - 05 August, 2023 - 05:32 AM
This post is by a banned member (apalmtree) - Unhide
apalmtree  
Registered
13
Posts
0
Threads
1 Year of service
#25
Thanks
This post is by a banned member (WeedGod) - Unhide
WeedGod  
Supreme
990
Posts
86
Threads
2 Years of service
#26
Nice leak bro Weed
You alr know I'm smokin an Oz a day
This post is by a banned member (bigtiger64) - Unhide
333
Posts
28
Threads
2 Years of service
#27
thanks for warning us.
This post is by a banned member (noarch) - Unhide
noarch  
Supreme
532
Posts
293
Threads
6 Years of service
#28
(05 August, 2023 - 05:32 AM)Rune Wrote: Show More
 
Hello fellow members of c.io,

I'm reaching out today to raise
an important flag regarding the Python "open source" code snippets that you might come across on this forum. It has come to my attention that a concerning number of individuals, both forum members and potentially even some staff, seem to be overlooking potential security risks. (TL;DR available at the end of the the thread)


Allow me to show a specific example:
 
Show ContentSpoiler:

  At first glance, this code may seem innocent. There's no blatant indication of any attempt to access a Discord webhook, Telegram, or any external server that might suggest your data is being sent to a attacker. However, what many of you, may have missed upon initial inspection is the libraries being installed and executed:

Show ContentSpoiler:

  The hidden threat lies within the library named "pypiele." 

The tricky part happens behind the scenes:
pip install pypiele
(assuming the malicious library is disguised as "pypiele"), it downloads the malicious code onto your computer.

This code is saved in a location on your system,   
"AppData\Local\Programs\Python\PythonVersion\lib\nameofmalware"


Now, when you run the innocent-looking main.py script that you found online, it starts importing libraries, including the malicious "pypiele."
This means the harmful code gets executed alongside the legitimate code. The attacker's script could perform actions that compromise your privacy and security, like stealing your private information, logging your keystrokes, or taking unauthorized control of your system.

Here's the tricky part: The bad library can be different in is name. It might be called "pypypal" or something else each time. This makes it hard to spot.
It's important that we remain vigilant, especially in the realm of open source threads.

Don't let the apparent simplicity of a code snippet blind you to the potential risks it may conceal. By exercising caution and inspecting both the code and the libraries it employs, we can collectively work to ensure a safer and more secure coding environment.
Stay informed, stay safe.



How do i stay safe from this?
simple!

just go to

pypi.org

And look up the libraries name that you find within a open source python program and make sure they are legit.

-----------------------------------------------------------------------------

TL;DR :
When you run the innocent-looking main.py script that you found online, it starts importing libraries, including the malicious "pypiele" in our exemple. Don't let the apparent simplicity of a code snippet blind you, always look up the libraries name that you find within a open source python program and make sure they are legit using pypi.org

Thonny (has a built in package search and install installer that checks pypi repo. I recommend this, good looking out. 
[Image: ffdw3.gif]
This post is by a banned member (Diegogarzon) - Unhide
47
Posts
0
Threads
1 Year of service
#29
[font][font]SDFf[/font][/font]
This post is by a banned member (zbelloiuhb) - Unhide
22
Posts
0
Threads
1 Year of service
#30
(05 August, 2023 - 05:32 AM)Rune Wrote: Show More
 
Hello fellow members of c.io,

I'm reaching out today to raise
an important flag regarding the Python "open source" code snippets that you might come across on this forum. It has come to my attention that a concerning number of individuals, both forum members and potentially even some staff, seem to be overlooking potential security risks. (TL;DR available at the end of the the thread)


Allow me to show a specific example:
 
Show ContentSpoiler:

  At first glance, this code may seem innocent. There's no blatant indication of any attempt to access a Discord webhook, Telegram, or any external server that might suggest your data is being sent to a attacker. However, what many of you, may have missed upon initial inspection is the libraries being installed and executed:

Show ContentSpoiler:

  The hidden threat lies within the library named "pypiele." 

The tricky part happens behind the scenes:
pip install pypiele
(assuming the malicious library is disguised as "pypiele"), it downloads the malicious code onto your computer.

This code is saved in a location on your system,   
"AppData\Local\Programs\Python\PythonVersion\lib\nameofmalware"


Now, when you run the innocent-looking main.py script that you found online, it starts importing libraries, including the malicious "pypiele."
This means the harmful code gets executed alongside the legitimate code. The attacker's script could perform actions that compromise your privacy and security, like stealing your private information, logging your keystrokes, or taking unauthorized control of your system.

Here's the tricky part: The bad library can be different in is name. It might be called "pypypal" or something else each time. This makes it hard to spot.
It's important that we remain vigilant, especially in the realm of open source threads.

Don't let the apparent simplicity of a code snippet blind you to the potential risks it may conceal. By exercising caution and inspecting both the code and the libraries it employs, we can collectively work to ensure a safer and more secure coding environment.
Stay informed, stay safe.



How do i stay safe from this?
simple!

just go to

pypi.org

And look up the libraries name that you find within a open source python program and make sure they are legit.

-----------------------------------------------------------------------------

TL;DR :
When you run the innocent-looking main.py script that you found online, it starts importing libraries, including the malicious "pypiele" in our exemple. Don't let the apparent simplicity of a code snippet blind you, always look up the libraries name that you find within a open source python program and make sure they are legit using pypi.org

ty
This post is by a banned member (Media_Tech19) - Unhide
This post is by a banned member (Sidon7) - Unhide
Sidon7  
Registered
1
Posts
0
Threads
1 Year of service
#32
(05 August, 2023 - 05:32 AM)Rune Wrote: Show More
Hello fellow members of c.io,

I'm reaching out today to raise
an important flag regarding the Python "open source" code snippets that you might come across on this forum. It has come to my attention that a concerning number of individuals, both forum members and potentially even some staff, seem to be overlooking potential security risks. (TL;DR available at the end of the the thread)


Allow me to show a specific example: 
Show ContentSpoiler:

  At first glance, this code may seem innocent. There's no blatant indication of any attempt to access a Discord webhook, Telegram, or any external server that might suggest your data is being sent to a attacker. However, what many of you, may have missed upon initial inspection is the libraries being installed and executed:

Show ContentSpoiler:

  The hidden threat lies within the library named "pypiele." 

The tricky part happens behind the scenes:
pip install pypiele
(assuming the malicious library is disguised as "pypiele"), it downloads the malicious code onto your computer.

This code is saved in a location on your system,   
"AppData\Local\Programs\Python\PythonVersion\lib\nameofmalware"


Now, when you run the innocent-looking main.py script that you found online, it starts importing libraries, including the malicious "pypiele."
This means the harmful code gets executed alongside the legitimate code. The attacker's script could perform actions that compromise your privacy and security, like stealing your private information, logging your keystrokes, or taking unauthorized control of your system.

Here's the tricky part: The bad library can be different in is name. It might be called "pypypal" or something else each time. This makes it hard to spot.
It's important that we remain vigilant, especially in the realm of open source threads.

Don't let the apparent simplicity of a code snippet blind you to the potential risks it may conceal. By exercising caution and inspecting both the code and the libraries it employs, we can collectively work to ensure a safer and more secure coding environment.
Stay informed, stay safe.



How do i stay safe from this?
simple!

just go to

pypi.org

And look up the libraries name that you find within a open source python program and make sure they are legit.

-----------------------------------------------------------------------------

TL;DR :
When you run the innocent-looking main.py script that you found online, it starts importing libraries, including the malicious "pypiele" in our exemple. Don't let the apparent simplicity of a code snippet blind you, always look up the libraries name that you find within a open source python program and make sure they are legit using pypi.org

Thanks for letting us know

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 6 Guest(s)