What is a Malicious Pickle?
A "malicious pickle" refers to a Python pickle file containing harmful code. Pickle is Python's native object serialization format, but loading a pickle can execute arbitrary code during deserialization. The first known malicious pickle was discovered in January 2022; it used Python's exec function to run a Cobalt Strike stager shellcode through Windows APIs.
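As an added example (not code from the original page), the standard defensive pattern for the loading behaviour described above: an allowlisting Unpickler that refuses every global it has not been told about, plus a static scan with pickletools that lists the globals a pickle would import before anything is loaded. The sample pickles are constructed here, and a harmless collections.OrderedDict reference stands in for the exec reference a real malicious pickle carries.

```python
import collections
import io
import pickle
import pickletools

# Allowlisted (module, name) pairs; builtins.exec, os.system etc. are refused.
ALLOWED_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_safe_to_load(data: bytes) -> bool:
    """True if the pickle loads under the allowlist, False if it was refused."""
    try:
        restricted_loads(data)
        return True
    except pickle.UnpicklingError:
        return False


def list_globals(data: bytes) -> list:
    """Statically list every (module, name) a pickle would import, without
    running it. GLOBAL/INST (protocol 0-3) carry both names inline; STACK_GLOBAL
    (protocol 4+) takes them from the two strings pushed just before it, so
    string pushes and memo slots are tracked (approximately, strings only)."""
    found, pushed, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            found.append(tuple(pushed[-2:]))
        elif isinstance(arg, str):                 # any string-push opcode
            pushed.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = pushed[-1] if pushed else None
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = pushed[-1] if pushed else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))
    return found


# Constructed samples, not real-world artifacts. collections.OrderedDict is
# harmless; it stands in for the builtins.exec reference a malicious pickle
# carries, which the scanner and the unpickler treat exactly the same way.
SAFE_PICKLE = pickle.dumps({"user": "alice", "roles": ["admin"]})
SUSPECT_PICKLE_V4 = pickle.dumps(collections.OrderedDict(), protocol=4)
SUSPECT_PICKLE_V0 = pickle.dumps(collections.OrderedDict(), protocol=0)
```

Run list_globals over any untrusted pickle first and only call restricted_loads once every listed pair is on the allowlist; the scan never executes the payload, and the unpickler refuses the import even if the scan is skipped.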