Backdoored Python Library Caught Stealing SSH Credentials

Posted on May 9, 2018

Backdoored Python Library Caught Stealing SSH Credentials

Barely a week has passed from the last attempt to hide a backdoor in a code library, and we have a new case today. This time around, the backdoor was found in a Python module, and not an npm (JavaScript) package. The module’s name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a library for handling SSH connections from Python code.

On Monday, another developer noticed that multiple recent versions of the SSH Decorate module contained code that collected users’ SSH credentials and sent the data to a remote server.

Source: bleepingcomputer.com