Spectra Assure

failIncident: Malware

Scanned:

SqzrFramework480

latest

removed

malicious

Research

顺其自然！

License: unknown

Published:

See on NuGet

SAFE Assessment

Compliance

Licenses

2 commercial use restrictions

Secrets

No sensitive information found

Security

Vulnerabilities

No known vulnerabilities detected

Hardening

2 modern mitigations missing

Threats

Tampering

1 components prone to hijacking

Malware

2 undesirable applications found

INCIDENTS FOR THIS VERSION:

malware

Reported By: ReversingLabs (Researcher)

See more info on our blog

malware

Reported By: ReversingLabs (Automated)

Learn more about malware detection

removal

N/AReported By: Community

List of software quality issues with the number of affected components.

Policies

Info

Problem

Potentially unwanted applications (PUAs) can be considered a risk by some software users. This threat type typically collects private user data, or in more extreme cases, tampers with system security settings. Most threat prevention solutions detect and block PUAs. Software packages that trigger security solution detections also tend to increase the number of support calls and open tickets from users.

Prevalence in NuGet community

0 packages

found in

Top 100

0 packages

found in

Top 1k

2 packages

found in

Top 10k

177 packages

in community

Next steps

Revise the use of components that raise these alarms. If you can't deprecate those components, make sure they are well-documented.

Problem

Software license is a legal instrument that governs the use and distribution of software source code and its binary representation. Software publishers have the freedom to choose any commonly used or purposefully written license to publish their work under. While some licenses are liberal and allow almost any kind of distribution, with or without code modification, other licenses are more restrictive and impose rules for their inclusion in other software projects. Some software licenses place restrictions on commercial use of the code they apply to. The most restrictive licenses in this category may completely forbid commercial code use. When building commercial applications, this is typically undesirable. Therefore, the inclusion of any code that may impose limits on commercial use is commonly avoided or even prohibited by the organization policy.

Prevalence in NuGet community

0 packages

found in

Top 100

1 packages

found in

Top 1k

14 packages

found in

Top 10k

1.52k packages

in community

Next steps

Confirm that the software package references a component or a dependency with a restrictive license.

Consider replacing the software component with an alternative that offers a license compatible with organization policy.

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. Open source projects are the intellectual property of their respective authors. At any time, the authors may choose to completely remove the software component from a public repository. This often occurs when a software project reaches its end-of-life stage, or when the software authors lose interest in maintaining the project. This kind of removal frees up the software package name, its unique software identifier in the public repository, for other developers to use. However, new software project owners might have malicious intent. Threat actors are continuously monitoring popular package names in case their unique identifiers suddenly become available for hijacking. Once the software projects falls under new ownership, the new maintainers may opt to use the project popularity to spread malware to unsuspecting users.

Prevalence in NuGet community

0 packages

found in

Top 100

1 packages

found in

Top 1k

34 packages

found in

Top 10k

240.72k packages

in community

Next steps

Inspect behaviors exhibited by the detected software components.

If the software behaviors differ from expected, investigate the build and release environment for software supply chain compromise.

Revise the use of components that raise these alarms. If you can't deprecate those components, make sure that their versions are pinned.

Avoid using this software package until it is vetted as safe.

Problem

Security Development Lifecycle (SDL) is a group of enhanced compile-time checks that report common coding mistakes as errors, preventing them from reaching production. These checks minimize the number of security issues by enforcing strict memory access checks. They also prevent the use of hard-to-secure string and memory manipulation functions. To prove the binary has been compiled with these checks enabled, the compiler emits a special debug object. Removing the debug table eliminates this proof. Therefore, this check only applies to binaries that still have their debug tables.

Prevalence in NuGet community

0 packages

found in

Top 100

51 packages

found in

Top 1k

499 packages

found in

Top 10k

14.01k packages

in community

Next steps

You should keep the debug table to prove that the SDL process has been followed.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Security Development Lifecycle (SDL) is a group of enhanced compile-time checks that report common coding mistakes as errors. These checks prevent the use of hard-to-secure memory manipulation functions. They enforce static memory access checks, and allow only the use of range-verified memory access functions. While these checks do not prevent every memory corruption issue by themselves, they do help reduce the likelihood.

Prevalence in NuGet community

0 packages

found in

Top 100

14 packages

found in

Top 1k

187 packages

found in

Top 10k

5.08k packages

in community

Next steps

It's highly recommended to enable these checks for all software components used at security boundaries, or those that process user controlled inputs.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are commonly abused by malicious software with the intent to cause harm. When a software package shares behavior traits with malicious software, it may become flagged by security solutions. Any detection from security solutions can cause friction for the end-users during software deployment. While the behavior is likely intended by the developer, there is a small chance this detection is true positive, and an early indication of a software supply chain attack.

Prevalence in NuGet community

0 packages

found in

Top 100

27 packages

found in

Top 1k

936 packages

found in

Top 10k

22.91k packages

in community

Next steps

Investigate reported detections.

If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.

You should delay the software release until the investigation is completed, or until the issue is risk accepted.

Consider rewriting the flagged code without using the marked behaviors.

Problem

Obfuscation is a process of mangling the software code legibility. Obfuscation can be applied to both the application source and its compiled code counterpart. In both cases, obfuscation can interfere with the accuracy of security and software quality assessment solutions. For this reason, obfuscation is a technique commonly used by malicious actors as a means of bypassing security solutions and avoiding detection. While presence of obfuscation does not imply malicious intent, all of its uses in a software package should be documented and approved. One example of acceptable use for code obfuscation is minimizing the size of script files that are not intended to be read by humans. In such a case, the trade-off between file size and code legibility is considered acceptable.

Prevalence in NuGet community

0 packages

found in

Top 100

4 packages

found in

Top 1k

459 packages

found in

Top 10k

6.53k packages

in community

Next steps

Investigate reported detections as indicators of software tampering.

Consult Mitre ATT&CK documentation: T1027 - Obfuscated Files or Information.

Consider an alternative to code obfuscation to lower the risk of being mistakenly flagged by security solutions.

Problem

Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. URL paths provide additional information to a web service when making a request. They are an optional, but an important part of the URL, as they may define specific content or actions based on the data being passed. Some parameters they pass might be considered sensitive information. Since path components are not encrypted this might cause sensitive information to leak. This issue is raised for URL paths than might contain information that attackers can easily intercept. Examples of sensitive information fields include passwords and other similar parameters.

Prevalence in NuGet community

0 packages

found in

Top 100

10 packages

found in

Top 1k

208 packages

found in

Top 10k

3.99k packages

in community

Next steps

Investigate reported detections.

If the software should not include these network references, investigate your build and release environment for software supply chain compromise.

You should delay the software release until the investigation is completed, or until the issue is risk accepted.

Consider removing all references to flagged network locations.

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. While a new software project is a welcome addition to the open source community. it is not always prudent to indiscriminately use the latest components when building a commercial application. Irrespective of the software quality, the danger of using components that are rarely used to build applications lies in the fact that the software component may contain novel, currently undetected malicious code. Therefore, it is prudent to review software component behaviors and even try out software component in a sandbox, an environment meant for testing untrusted code.

Prevalence in NuGet community

0 packages

found in

Top 100

118 packages

found in

Top 1k

1749 packages

found in

Top 10k

656.38k packages

in community

Next steps

Check the software component behaviors for anomalies.

Consider exploratory software component testing within a sandbox environment.

Consider replacing the software component with a more widely used alternative.

Avoid using this software package until it is vetted as safe.

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Open source communities depend on the work of thousands of software developers that volunteer their time to maintain software components. Software developers build up the reputation of their open source projects by developing in public. Modern source code repositories have many social features that allow software developers to handle bug reports, have discussions with their users, and convey reaching significant project milestones. It is uncommon to find open source projects that omit linking their component to a publicly accessible source code repository.

Prevalence in NuGet community

99 packages

found in

Top 100

723 packages

found in

Top 1k

6007 packages

found in

Top 10k

575.57k packages

in community

Next steps

Check the software component behaviors for anomalies.

Consider exploratory software component testing within a sandbox environment.

Consider replacing the software component with a more widely used alternative.

Avoid using this software package until it is vetted as safe.

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.

This website uses cookies to ensure the best website experience. By continuing to use this website you are giving your consent to cookies being used. Detailed information about our use of cookies is here.

List of software quality issues with the number of affected components.

Policies

Info

Problem

Prevalence in NuGet community

0 packages

found in

Top 100

0 packages

found in

Top 1k

2 packages

found in

Top 10k

177 packages

in community

Next steps

Revise the use of components that raise these alarms. If you can't deprecate those components, make sure they are well-documented.

Problem

Prevalence in NuGet community

0 packages

found in

Top 100

1 packages

found in

Top 1k

14 packages

found in

Top 10k

1.52k packages

in community

Next steps

Confirm that the software package references a component or a dependency with a restrictive license.

Consider replacing the software component with an alternative that offers a license compatible with organization policy.

Problem

Prevalence in NuGet community

0 packages

found in

Top 100

1 packages

found in

Top 1k

34 packages

found in

Top 10k

240.72k packages

in community

Next steps

Inspect behaviors exhibited by the detected software components.

If the software behaviors differ from expected, investigate the build and release environment for software supply chain compromise.

Revise the use of components that raise these alarms. If you can't deprecate those components, make sure that their versions are pinned.

Avoid using this software package until it is vetted as safe.

Problem

Prevalence in NuGet community

0 packages

found in

Top 100

51 packages

found in

Top 1k

499 packages

found in

Top 10k

14.01k packages

in community

Next steps

You should keep the debug table to prove that the SDL process has been followed.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Prevalence in NuGet community

0 packages

found in

Top 100

14 packages

found in

Top 1k

187 packages

found in

Top 10k

5.08k packages

in community

Next steps

It's highly recommended to enable these checks for all software components used at security boundaries, or those that process user controlled inputs.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Prevalence in NuGet community

0 packages

found in

Top 100

27 packages

found in

Top 1k

936 packages

found in

Top 10k

22.91k packages

in community

Next steps

Investigate reported detections.

If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.

You should delay the software release until the investigation is completed, or until the issue is risk accepted.

Consider rewriting the flagged code without using the marked behaviors.

Problem

Prevalence in NuGet community

0 packages

found in

Top 100

4 packages

found in

Top 1k

459 packages

found in

Top 10k

6.53k packages

in community

Next steps

Investigate reported detections as indicators of software tampering.

Consult Mitre ATT&CK documentation: T1027 - Obfuscated Files or Information.

Consider an alternative to code obfuscation to lower the risk of being mistakenly flagged by security solutions.

Problem

Prevalence in NuGet community

0 packages

found in

Top 100

10 packages

found in

Top 1k

208 packages

found in

Top 10k

3.99k packages

in community

Next steps

Investigate reported detections.

If the software should not include these network references, investigate your build and release environment for software supply chain compromise.

You should delay the software release until the investigation is completed, or until the issue is risk accepted.

Consider removing all references to flagged network locations.

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. While a new software project is a welcome addition to the open source community. it is not always prudent to indiscriminately use the latest components when building a commercial application. Irrespective of the software quality, the danger of using components that are rarely used to build applications lies in the fact that the software component may contain novel, currently undetected malicious code. Therefore, it is prudent to review software component behaviors and even try out software component in a sandbox, an environment meant for testing untrusted code.

Prevalence in NuGet community

0 packages

found in

Top 100

118 packages

found in

Top 1k

1749 packages

found in

Top 10k

656.38k packages

in community

Next steps

Check the software component behaviors for anomalies.

Consider exploratory software component testing within a sandbox environment.

Consider replacing the software component with a more widely used alternative.

Avoid using this software package until it is vetted as safe.

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Open source communities depend on the work of thousands of software developers that volunteer their time to maintain software components. Software developers build up the reputation of their open source projects by developing in public. Modern source code repositories have many social features that allow software developers to handle bug reports, have discussions with their users, and convey reaching significant project milestones. It is uncommon to find open source projects that omit linking their component to a publicly accessible source code repository.

Prevalence in NuGet community

99 packages

found in

Top 100

723 packages

found in

Top 1k

6007 packages

found in

Top 10k

575.57k packages

in community

Next steps

Check the software component behaviors for anomalies.

Consider exploratory software component testing within a sandbox environment.

Consider replacing the software component with a more widely used alternative.

Avoid using this software package until it is vetted as safe.

SqzrFramework480

SAFE Assessment

Compliance

Security

Threats

IMPORTANT: All versions of this package have been maliciousLatest version with malware incident detected: almost 2 years agoVersion: 1.0.1

INCIDENTS FOR THIS VERSION:

SQ30103Detected presence of potentially unwanted applications.Causes risk: undesirable applications foundthreats

Problem

Prevalence in NuGet community

Next steps

SQ12404Detected presence of licenses that place restrictions on commercial use.Causes risk: commercial use restrictionslicenses

Problem

Prevalence in NuGet community

Next steps

TH30103Detected presence of software components that were removed from the public package repository.Causes risk: components prone to hijackinghunting

Problem

Prevalence in NuGet community

Next steps

SQ14138Detected Windows executable files that were compiled without following the recommended SDL process.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in NuGet community

Next steps

SQ14139Detected Windows executable files compiled without following the SDL best practices while using banned memory functions.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in NuGet community

Next steps

TH15103Detected presence of files with behaviors commonly used by malicious software.hunting

Problem

Prevalence in NuGet community

Next steps

TH16101Detected presence of obfuscated software components.hunting

Problem

Prevalence in NuGet community

Next steps

TH17119Detected presence of files containing URLs with suspicious path components.hunting

Problem

Prevalence in NuGet community

Next steps

TH30107Detected presence of software components that are rarely included by other public software packages.hunting

Problem

Prevalence in NuGet community

Next steps

TH30112Detected presence of software components without a declared source code repository.hunting

Problem

Prevalence in NuGet community

Next steps

Did you know...

SQ30103Detected presence of potentially unwanted applications.Causes risk: undesirable applications foundthreats

Problem

Prevalence in NuGet community

Next steps

SQ12404Detected presence of licenses that place restrictions on commercial use.Causes risk: commercial use restrictionslicenses

Problem

Prevalence in NuGet community

Next steps

TH30103Detected presence of software components that were removed from the public package repository.Causes risk: components prone to hijackinghunting

Problem

Prevalence in NuGet community

Next steps

SQ14138Detected Windows executable files that were compiled without following the recommended SDL process.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in NuGet community

Next steps

SQ14139Detected Windows executable files compiled without following the SDL best practices while using banned memory functions.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in NuGet community

Next steps

TH15103Detected presence of files with behaviors commonly used by malicious software.hunting

Problem

Prevalence in NuGet community

Next steps

TH16101Detected presence of obfuscated software components.hunting

Problem

Prevalence in NuGet community

Next steps

TH17119Detected presence of files containing URLs with suspicious path components.hunting

Problem

Prevalence in NuGet community

Next steps