Phylum

Python Package Installation Attacks

Insights and Resources

Arbitrary code execution is possible, and even common, during package installation. Find out how attackers use this to their advantage.

Charles Coggins Apr 24, 2024 5 min read

Subscribe to our research

Keep up with the latest software supply chain attacks

Python Trojan Functions and Imports

Learn basic techniques attackers use to create malicious packages with trojan features found in attacks including typosquatting, starjacking, dependency confusion, and lockfile injection....

Charles Coggins Apr 24, 2024 3 min read

Python Package Spoofing

Find out how easy it is for threat actors to spoof legitimate Python packages as the foundation of their attacks on the software supply chain....

Charles Coggins Apr 24, 2024 6 min read

Series: How Malicious Python Code Gains Execution

The primary vector for malicious code running in software developer environments (e.g., local system, CI/CD runners, production servers, etc.) is software dependencies. This...

Charles Coggins Apr 24, 2024 2 min read

Nation-State Threat Actors Renew Publications to npm

Back in November of 2023, we published a blog post highlighting the technical details of a sophisticated attack in npm attributed to North Korea. We...

Phylum Research Team Apr 24, 2024 6 min read