Cybersecurity

5631 readers

40 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

North Korean hackers target Python devs with malware disguised as coding tests — hack has been underway for a year (www.tomshardware.com)

submitted 1 month ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works

5 comments fedilink hide all child comments

Fake Python job opportunities used to attack programmers

top 5 comments

sorted by: hot top controversial new old

[–] Telorand@reddthat.com 9 points 1 month ago

For anyone who's brain is stuck in QA mode, they mean "coding skills test," not some tool to test code.

I read the entire article with the wrong paradigm and got confused when I didn't see the vector for infection.

[–] treadful@lemmy.zip 7 points 1 month ago (1 children)

the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware. Now, though, there are also attacks involving "coding tests" that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present.

So, a supply chain attack or they're sending you code to run?

This is a good time to refer to PEP 668 which enforces virtual environments for non-system wide Python installs.

Virtual environments are not isolated sandboxes. This is not a security feature. Do not expect any kind of safety by running things in a venv.

[–] jonne@infosec.pub 3 points 1 month ago* (last edited 1 month ago)

I'm assuming they just send you a zip file with an 'existing codebase' where somewhere in a hidden dependency a bit of code does something nefarious when you first run the project. You don't even need root access to do something bad, your whole home directory is interesting enough as it is (emails, SSH keys, saved browser passwords, etc).

Not everyone is going to do a coding test in a separate account or in a VM.

[–] over_clox@lemmy.world 3 points 1 month ago (1 children)

Strange. When I shared the permalink of this Lemmy post on Discord, it embedded the wrong title and thumbnail..

"After 30 Years, Linux Finally Hits 3% Market Share"

[–] BrikoX@lemmy.zip 2 points 1 month ago

I noticed this today too, no idea what is going on. Need to reach out to the instance admin, since it's only happening on my instance as far as I can see.