A malicious Python library, automslc, that allows unauthorized music downloads from Deezer has been flagged on the Python Package Index (PyPI). The package has been downloaded over 104,000 times since its initial publication in May 2019. Experts warn of potential security risks and call for immediate attention from PyPI and relevant stakeholders to remove the package and prevent further exploitation. As a result, users are advised to uninstall the package and exercise caution when installing Python libraries from public repositories to avoid unauthorized access to their accounts and personal data. Immediate action is required to mitigate this risk.
Key Points
Security Vulnerability: How can individuals protect themselves from this malicious Python library and potential unauthorized music downloads?
PyPI Oversight: What measures should be taken by the PyPI team to prevent similar vulnerabilities in the future?
Music Streaming Service Response: Will Deezer take any action to address this issue and ensure user account security is protected?
Original Article
Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer.
The package in question is automslc, which has been downloaded over 104,000 times to date. First published in May 2019, it remains available on PyPI as of writing.
"Although automslc, which has been