Strange Python Imports
In Python most packages are imported via
from x import y. In fact, this is explicitly called out in the
PEP 8 Style Guide for Python Code. Going out of one's way to import a package
using strange or bespoke methods should raise suspicion around the intent of the import.
For example, the following is functionally similar to
# Import our `os` package xyz = __import__("\x6F\x73") # Use our imported package xyz.system("whoami")
At first glance it is not clear that the
os package is being imported. It is highly probable that the developer is
attempting to muddy the waters around their code to hide some nefarious behaviors.
It is difficult to make sense of code that has been obfuscated or written in such a way as to hide certain functionality.
It is very likely that code that leverages these strange imports is doing so to hide malicious behavior. You should
review any packages that contain these imports and seriously reconsider their use in your project or application.
In 2022 several packages were released into the PyPI ecosystem that made use of imports of this kind.
typosquatted package, had these strange imports tucked away in the middle of an otherwise benign file.
Updated 9 months ago