List of software quality issues with the number of affected components.
category ALL
Policies
Info
Category
Problem
Proprietary ReversingLabs malware detection algorithms have determined that the software package contains one or more malicious components. The detection was made by either a static byte signature, software component identity, or a complete file hash. This malware detection method is considered highly accurate, and can typically attribute malware to previously discovered software supply chain attacks. It is common to have multiple supply chain attack artifacts that relate to a single malware incident.
Prevalence in PyPI community
0 packages
found in
Top 100
0 packages
found in
Top 1k
11 packages
found in
Top 10k
14.01k packages
in community
Next steps
If the software intent does not relate to malicious behavior, investigate the build and release environment for software supply chain compromise.
Avoid using this software package.
Problem
Proprietary ReversingLabs malware detection algorithms have determined that the software package contains one or more malicious files. The detection was made by a heuristic signature. This malware detection method is considered proactive, and can typically identify the malware family or at least the threat type.
Prevalence in PyPI community
0 packages
found in
Top 100
1 packages
found in
Top 1k
4 packages
found in
Top 10k
187 packages
in community
Next steps
Inspect behaviors exhibited by the detected software components.
If the software behaviors differ from expected, investigate the build and release environment for software supply chain compromise.
Avoid using this software package until it is vetted as safe.
Consider rewriting code that may have triggered the detection due to its malware similarity.
Problem
Threat researchers have manually inspected the software package and determined that it contains one or more malicious files. The detection was made by a hash-based file reputation lookup. This malware detection method is considered highly accurate, and can typically identify the malware family by name.
Prevalence in PyPI community
0 packages
found in
Top 100
0 packages
found in
Top 1k
10 packages
found in
Top 10k
14.02k packages
in community
Next steps
Investigate the build and release environment for software supply chain compromise.
Avoid using this software package.
Problem
Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are exclusively used by malicious software with the intent to cause harm. When a software package matches behavior traits of malicious software, it becomes flagged by security solutions. It is highly likely that the software package was tampered with by a malicious actor or a rogue insider.
Prevalence in PyPI community
0 packages
found in
Top 100
1 packages
found in
Top 1k
5 packages
found in
Top 10k
9.47k packages
in community
Next steps
Investigate reported detections.
Investigate your build and release environment for software supply chain compromise.
You should delay the software release until the investigation is completed.
In the case this behavior is intended, rewrite the flagged code without using the malware-like behaviors.
Problem
Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are exclusively used by malicious software with the intent to cause harm. When a software package matches behavior traits of malicious software, it becomes flagged by security solutions. It is highly likely that the software package was tampered with by a malicious actor or a rogue insider. Detected threat type matches the behaviors typically exhibited by the infostealer malware profile. Infostealers are commonly used to steal sensitive user data such as stored login details, financial information, and other personally identifiable information.
Prevalence in PyPI community
0 packages
found in
Top 100
0 packages
found in
Top 1k
3 packages
found in
Top 10k
2.05k packages
in community
Next steps
Investigate reported detections.
Investigate your build and release environment for software supply chain compromise.
You should delay the software release until the investigation is completed.
In the case this behavior is intended, rewrite the flagged code without using the malware-like behaviors.
Problem
An AI (Artificial Intelligence) model is a mathematical representation of a process that uses algorithms to learn patterns and make predictions based on provided data. After the models are trained, their mathematical representations are stored in a variety of data serialization formats. Stored AI models can be shared and reused without the need for additional model training. Pickle is a popular Python module that many data scientists use for serializing and deserializing AI model data. Pickle is considered an unsafe data format, as it allows Python code to be executed during AI model deserialization. Attackers commonly abuse Pickle and other unsafe data serialization formats to hide their malicious payloads. It was detected that the serialized data includes Python code that can invoke external scripts and execute arbitrary commands on the computer system that attempts to deserialize the AI model data. While presence of Python code within serialized data does not always imply malicious intent, its use in an AI model should be documented and approved. It is recommended that any custom actions needed to load the AI model be kept separate from the serialized model data.
Prevalence in PyPI community
0 packages
found in
Top 100
0 packages
found in
Top 1k
1 packages
found in
Top 10k
12 packages
in community
Next steps
Investigate reported detections.
You should delay the software release until the investigation is completed, or until the issue is risk accepted.
Consider replacing the selected data serialization format with a safer alternative.
Problem
Third-party malware detection algorithms have determined that the software package contains one or more suspicious files. The detection was made by a hash-based file reputation lookup. This malware detection method is considered predictive, and can typically identify the malware family by name.
Prevalence in PyPI community
1 packages
found in
Top 100
3 packages
found in
Top 1k
28 packages
found in
Top 10k
278 packages
in community
Next steps
Suspicious detections are a lower confidence detection, so you should first review them for malicious intent.
If the software intent does not relate to malicious behavior, investigate the build and release environment for software supply chain compromise.
Proceed with increased caution when using this software package.
Problem
Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Software developers publish components they have authored to public repositories. While a new software project is a welcome addition to the open source community, it is not always prudent to indiscriminately use the latest components when building a commercial application. Irrespective of the software quality, the danger of being the first to try out a new project lies in the fact that the software component may contain novel, currently undetected malicious code. Therefore, it is prudent to review software component behaviors and even try out software component in a sandbox, an environment meant for testing untrusted code.
Prevalence in PyPI community
1 packages
found in
Top 100
13 packages
found in
Top 1k
37 packages
found in
Top 10k
443.06k packages
in community
Next steps
Check the software component behaviors for anomalies.
Consider exploratory software component testing within a sandbox environment.
Consider replacing the software component with a more widely used alternative.
Avoid using this software package until it is vetted as safe.
Problem
Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are commonly abused by malicious software with the intent to cause harm. When a software package shares behavior traits with malicious software, it may become flagged by security solutions. Any detection from security solutions can cause friction for the end-users during software deployment. While the behavior is likely intended by the developer, there is a small chance this detection is true positive, and an early indication of a software supply chain attack.
Prevalence in PyPI community
20 packages
found in
Top 100
92 packages
found in
Top 1k
907 packages
found in
Top 10k
43.88k packages
in community
Next steps
Investigate reported detections.
If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.
You should delay the software release until the investigation is completed, or until the issue is risk accepted.
Consider rewriting the flagged code without using the marked behaviors.
Problem
Attackers commonly hide their malicious payloads in layers of packing and code obfuscation. Base-encoding is a common data transformation technique used to convert binary payloads into text. Detected software behaviors indicate that the code has the ability to decode and execute Base-encoded data. While presence of dynamic code execution does not imply malicious intent, all of its uses in a software package should be documented and approved. When a software package has behavior traits similar to malicious software, it may become flagged by security solutions. One example of acceptable use for dynamic Base-encoded data execution is transfer of software components over the network.
Prevalence in PyPI community
1 packages
found in
Top 100
6 packages
found in
Top 1k
18 packages
found in
Top 10k
6.2k packages
in community
Next steps
Investigate reported detections as indicators of software tampering.
Consult Mitre ATT&CK documentation: T1027 - Obfuscated Files or Information.
Consider rewriting the flagged code without using the marked behaviors.