
Research
/Security News
Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
py2cy is a library designed to convert Python source code into Cython format, enabling the transformation of .py files into .so files on Linux and .pyd files on Windows. Additionally, it aids in obfuscating the code, making reverse engineering more challenging.
Installing the package
pip install py2cy
Arrange the configuration file setup.cfg for your projects
######CYTHON CONFIGURATIONS######
#threads for cythonize in linux
[NThreads]
nThreads=4
#path of the folder to be obfuscated
[SourcePath]
pkg_for_obfuscation=<<path of the project to be obfuscated>>
#files to be excluded from cythonization, comma separated values, must have file extension
[FilesToExclude]
files_to_exclude=abc.py,bde.py
#comma separated values
[PkgsToExclude]
pkgs_to_exclude=package1,package2
#If this is set, both exclude conditions metioned above will be ignored,#comma separated values
[FilesToInclude]
files_to_include=test1.py,test2.py
#If this is set, both exclude conditions above will be ignored,#comma separated values
[PkgsToInclude]
pkgs_to_include=
###############################
After the above configuration invoke py2cy in the command line interface as below
py2cy <<path of the setup.cfg>>
or
py2cy #invoke from the current working directory where setup.cfg is present
Once the execution gets completed, a package with same name suffixed with _cython gets generated next to the actual source code.
Based on the configuration set in setup.cfg, respective files are cythonized.
FAQs
A package to convert Python code to Cython for Security and Obfuscation
We found that py2cy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.