Publish your own package to PyPI that on import does some evil stuff. Name the package something similar to a known, but not too well known package. Supply chain attacks are even less defended against than other stuff.
All this relies on companies being shit though, but well, we all know that’s the case in a lot of places.
Publish your own package to PyPI that on import does some evil stuff. Name the package something similar to a known, but not too well known package. Supply chain attacks are even less defended against than other stuff.
All this relies on companies being shit though, but well, we all know that’s the case in a lot of places.