Attacks on Bytecode Interpreters Conceal Malicious Injection Activity (Dark Reading)
By injecting malicious bytecode into interpreters for VBScript, Python, and Lua, researchers found they can circumvent malicious code detection.
Bytecode attacks are not necessarily new, but they are relatively novel. In 2018, a group of researchers from the University of California at Irvine (including Distinguished Professor of Computer Science Michael Franz) published a paper, “Bytecode Corruption Attacks Are Real — And How to Defend Against Them,” introducing bytecode attacks and defenses. Last year, the administrators of the Python Package Index (PyPI) removed a malicious package, known as fshec2, which escaped initial detection because all its malicious code was compiled as bytecode. Python compiles source code into bytecode and stores it in PYC files, which the Python interpreter can execute directly.
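As an added example (not code from the article, the researchers, or PyPI), the following Python code shows one way a defender can review bytecode-only modules of the kind described above: it finds PYC files that ship without a matching source file and lists the imports recorded in their bytecode without executing it. The watchlist, function names, and sample package tree are assumptions constructed for illustration.

```python
import dis, importlib.util, marshal, pathlib, py_compile, tempfile, types

WATCHLIST = {"subprocess", "socket", "ctypes", "base64"}  # assumed watchlist, tune to policy

def load_code(pyc):
    """Unmarshal a PYC's code object without executing it (16-byte header, Python 3.7+)."""
    data = pathlib.Path(pyc).read_bytes()
    if data[:4] != importlib.util.MAGIC_NUMBER:
        raise ValueError(f"{pyc}: built for a different Python version")
    return marshal.loads(data[16:])  # marshal is not hardened against crafted input: sandbox it

def imported_modules(code):
    """Collect every IMPORT_NAME target, including imports placed inside functions."""
    found, stack = set(), [code]
    while stack:
        co = stack.pop()
        found |= {i.argval for i in dis.get_instructions(co) if i.opname == "IMPORT_NAME"}
        stack += [c for c in co.co_consts if isinstance(c, types.CodeType)]
    return found

def source_for(pyc):
    """Path where the matching .py should live, for __pycache__ and legacy layouts."""
    if pyc.parent.name == "__pycache__":
        return pyc.parent.parent / (pyc.name.split(".")[0] + ".py")
    return pyc.with_suffix(".py")

def scan_tree(root):
    """Return {relative pyc path: watched imports} for bytecode shipped without source."""
    findings = {}
    for pyc in sorted(pathlib.Path(root).rglob("*.pyc")):
        if not source_for(pyc).exists():
            hits = {m for m in imported_modules(load_code(pyc)) if m.split(".")[0] in WATCHLIST}
            findings[pyc.relative_to(root).as_posix()] = sorted(hits)
    return findings

def make_sample(root):  # constructed input: one normal module, one bytecode-only module
    pkg = pathlib.Path(root, "pkg")
    pkg.mkdir()
    ok = pkg / "util.py"
    ok.write_text("import json\n")
    py_compile.compile(str(ok), doraise=True)  # cached under pkg/__pycache__/
    hidden = pkg / "stage.py"
    hidden.write_text("import base64\ndef run():\n    import subprocess\n")
    py_compile.compile(str(hidden), cfile=str(pkg / "loader.pyc"), doraise=True)
    hidden.unlink()  # only the compiled form remains in the tree
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_tree(make_sample(tmp)))
```

The scan must run under the same Python version that produced the bytecode, because the magic number and opcode set change between releases.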
Read the full article in Dark Reading.