Malicious PyPI Package Exploited Deezer's API, Orchestrates a Distributed Piracy Operation


A malicious PyPI package effectively turned its users' systems "into an illicit network for facilitating bulk music downloads," writes The Hacker News. Though the package has been removed from PyPI, researchers at security platform Socket.dev say it enabled "coordinated, unauthorized music downloads from Deezer — a popular streaming service founded in France in 2007." Although automslc, which has been downloaded over 100,000 times, purports to offer music automation and metadata retrieval, it covertly bypasses Deezer's access restrictions... Additionally, the package routinely communicates with a remote server... to update download statuses and submit metadata, thereby centralizing control and allowing the threat actor to monitor and coordinate the distributed downloading operation.

Or read this on Slashdot
