Security researchers say that online programming learning platforms can be a target for threat actors to launch cyber attacks, steal data, and scan for vulnerable devices via web browsers.
DataCamp, an online programming learning platform, can be hacked by threat actors distributing malware via malicious tools. DataCamp provides Integrated Development Environments (IDEs) offering learning courses on programming languages, and technologies such as R, Python, Shell, Excel, SQL to almost 10 million users. DataCamp users can connect to the IDE on their personal workspace to practice and execute custom codes, upload files, and practice other learning methods.
Nmap can not be downloaded directly but it can be installed on DataCamp from its compilation directory as a compiled and executable file. reportedly Profero said that these download links can be used to allow malware to get access to the computer without the knowledge of a user by simply performing a web request.
According to a spokesperson of DataCamp in response to the recent finding said, “There is inherently a risk that some individuals may attempt to abuse our systems” because the platform provides “a live computing environment.”
However, DataCamp also stated that they “have taken reasonable measures” to prevent future cyber attacks that could impact the learning platform’s safety.
