Python modules are typically installed using a package manager called 'pip', which launches a 'setup.py' file that is made available by the developer of the package for installation purposes.

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can ...

Devs unknowingly use “malicious” modules snuck into official Python repository Code packages available in PyPI contained modified installation scripts.

This package, too, mimicked the name of a popular Python library, named "colorama." According to the PyPI Stats service , 54 users had downloaded the package a month before it was taken down.

This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package. The module's name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a ...