Thursday, December 8, 2022
HomeDigit NewsHackers are installing malicious packages in Python code repository, millions of apps...

Hackers are installing malicious packages in Python code repository, millions of apps are at risk, know what it is


According to a report, hackers are installing malicious packages in a Python code repository.
Python code repositories are used to build mobile apps.
This code is used by over 600,000 developers globally.

New Delhi. American security firm, Check Point Research has released a report, which states that hackers are installing malicious packages in PyPI, a major Python code repository. The code is used by over 600,000 developers globally and is part of approximately 3.7 million apps.

Python is a popular programming language used to build popular smartphone apps such as YouTube, Instagram, Reddit, and Spotify. A code repository is a bank of programming languages, constantly updated by open source developers, as they work on various app projects.

200 million code repositories
For example, GitHub is used by developers to post, log and update their work, and to distribute it to fellow developers for license. The Microsoft-owned platform claims to currently have over 83 million developers and 200 million code repositories.

Hackers target PyPI scripts
Software developers around the world can access packages and scripts contributed by their counterparts and use them to develop new products. According to Check Point, hackers target a script in PyPI and a series of instructions – in the repository – that are installed in the process of an app built on Python.

Security glitches in apps are on the rise
PyPI is just a case. Security experts say thousands of malicious code snippets that attack public programming language repositories are finding their way into public mobile applications. The potential for security glitches in these apps is increasing. Malicious code snippets run in the background, as a result of which developers are not able to see it. This is why big companies have their own apps, big teams are constantly working to keep them secure, but independent developers have no means to make them easy prey for hackers.

Code repositories do not have strong security checks
It is the nature of the repository, according to security firms, that makes it vulnerable to a security breach. Such instances are common, said Huzefa Motiwala, director of systems engineering for India and SAARC at US cyber security firm Palo Alto Networks. Most code repositories do not have a robust security check and validation process, which allows cyber attackers to add militiaous code snippets to popular repositories.

- Advertisement -

- Advertisment -

- Advertisment -spot_imgspot_imgspot_img


Two Wheeler


Digit News