Top issues
Detected presence of known software supply chain attack artifacts.
Causes risk: supply chain attack artifacts
threats
Problem
Proprietary ReversingLabs malware detection algorithms have determined that the software package contains one or more malicious components. The detection was made by either a static byte signature, software component identity, or a complete file hash. This malware detection method is considered highly accurate, and can typically attribute malware to previously discovered software supply chain attacks. It is common to have multiple supply chain attack artifacts that relate to a single malware incident.Prevalence in NuGet community
0 packages
found in
Top 100
0 packages
found in
Top 1k
0 packages
found in
Top 10k
741 packages
in community
Next steps
If the software intent does not relate to malicious behavior, investigate the build and release environment for software supply chain compromise.
Avoid using this software package.
Detected presence of malicious files through analyst-vetted file reputation.
Causes risk: analyst-vetted malware found
threats
Problem
Threat researchers have manually inspected the software package and determined that it contains one or more malicious files. The detection was made by a hash-based file reputation lookup. This malware detection method is considered highly accurate, and can typically identify the malware family by name.Prevalence in NuGet community
0 packages
found in
Top 100
0 packages
found in
Top 1k
0 packages
found in
Top 10k
741 packages
in community
Next steps
Investigate the build and release environment for software supply chain compromise.
Avoid using this software package.
Detected presence of software components that are impersonating popular software packages.
Causes risk: impersonated components found
hunting
Problem
Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. Open source communities use code repositories to facilitate project discovery and simplify software deployment. These code repositories use unique component names as identifiers that developers can later use to specify software components required by their applications during the build or run processes. Since component names are manually written down by the developer within the code, it is possible to mistype them. Simple omissions of characters, such as prefixes, suffixes, plurals, hyphens, and underscores can have serious consequences. Unintended software components might get installed - components that might have been authored by a threat actor. Threat actors are constantly poisoning open source repositories with typosquatted components preying on typos by unsuspecting developers. They typically try to impersonate the most popular software components, as most developers will be using them to build their applications.Prevalence in NuGet community
No prevalence information at this timeNext steps
Review software component names to ensure there were no accidental package name mistypes.
If the software component names differ from expected, investigate the build and release environment for software supply chain compromise.
Avoid using this software package until it is vetted as safe.
Detected presence of software components that were removed from the public package repository.
Causes risk: components prone to hijacking
hunting
Problem
Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. Open source projects are the intellectual property of their respective authors. At any time, the authors may choose to completely remove the software component from a public repository. This often occurs when a software project reaches its end-of-life stage, or when the software authors lose interest in maintaining the project. This kind of removal frees up the software package name, its unique software identifier in the public repository, for other developers to use. However, new software project owners might have malicious intent. Threat actors are continuously monitoring popular package names in case their unique identifiers suddenly become available for hijacking. Once the software projects falls under new ownership, the new maintainers may opt to use the project popularity to spread malware to unsuspecting users.Prevalence in NuGet community
No prevalence information at this timeNext steps
Inspect behaviors exhibited by the detected software components.
If the software behaviors differ from expected, investigate the build and release environment for software supply chain compromise.
Revise the use of components that raise these alarms. If you can't deprecate those components, make sure that their versions are pinned.
Avoid using this software package until it is vetted as safe.
Problem
Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are commonly abused by malicious software with the intent to cause harm. When a software package shares behavior traits with malicious software, it may become flagged by security solutions. Any detection from security solutions can cause friction for the end-users during software deployment. While the behavior is likely intended by the developer, there is a small chance this detection is true positive, and an early indication of a software supply chain attack.Prevalence in NuGet community
0 packages
found in
Top 100
0 packages
found in
Top 1k
4 packages
found in
Top 10k
1095 packages
in community
Next steps
Investigate reported detections.
If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.
You should delay the software release until the investigation is completed, or until the issue is risk accepted.
Consider rewriting the flagged code without using the marked behaviors.
Top behaviors
The software package name contains non-ASCII characters.
anomaly
Prevalence in NuGet community
No behavior prevalence information at this timeRetrieves the name of the user associated with the process.
search
Prevalence in NuGet community
Behavior often found in this community (Common)
0 packages
found in
Top 100
4 packages
found in
Top 1k
70 packages
found in
Top 10k
23059 packages
in community
Encodes data using the Base64 algorithm.
packer
Prevalence in NuGet community
Behavior often found in this community (Common)
0 packages
found in
Top 100
21 packages
found in
Top 1k
144 packages
found in
Top 10k
69157 packages
in community
Decodes data using the Base64 algorithm.
packer
Prevalence in NuGet community
Behavior often found in this community (Common)
0 packages
found in
Top 100
21 packages
found in
Top 1k
133 packages
found in
Top 10k
60642 packages
in community
Executes a file.
execution
Prevalence in NuGet community
Behavior often found in this community (Common)
0 packages
found in
Top 100
12 packages
found in
Top 1k
98 packages
found in
Top 10k
39014 packages
in community
Top vulnerabilities
No vulnerabilities found.