Top issues
Detected presence of known software supply chain attack artifacts.
Causes risk: supply chain attack artifacts
threats
Problem
Proprietary ReversingLabs malware detection algorithms have determined that the software package contains one or more malicious components. The detection was made by either a static byte signature, software component identity, or a complete file hash. This malware detection method is considered highly accurate, and can typically attribute malware to previously discovered software supply chain attacks. It is common to have multiple supply chain attack artifacts that relate to a single malware incident.
Prevalence in PyPI community
Top 100: 0 packages
Top 1k: 0 packages
Top 10k: 5 packages
Community: 13913 packages
Next steps
If the software intent does not relate to malicious behavior, investigate the build and release environment for software supply chain compromise.
Avoid using this software package.
Detected presence of malicious files by a machine learning algorithm.
Causes risk: malicious components found
threats
Problem
Proprietary ReversingLabs malware detection algorithms have determined that the software package contains one or more malicious files. The detection was made by a machine learning model. This malware detection method is considered proactive, and can typically identify the malware threat type. The detection is strongly influenced by behaviors that software components exhibit. Behaviors similar to previously discovered malware and software supply chain attacks may cause some otherwise benign components to be detected as malicious.
Prevalence in PyPI community
Top 100: 0 packages
Top 1k: 6 packages
Top 10k: 36 packages
Community: 1693 packages
Next steps
Inspect behaviors exhibited by the detected software components.
If the software behaviors differ from expected, investigate the build and release environment for software supply chain compromise.
Avoid using this software package until it is vetted as safe.
Consider rewriting code that may have triggered the detection due to its malware similarity.
Detected presence of malicious files through analyst-vetted file reputation.
Causes risk: analyst-vetted malware found
threats
Problem
Threat researchers have manually inspected the software package and determined that it contains one or more malicious files. The detection was made by a hash-based file reputation lookup. This malware detection method is considered highly accurate, and can typically identify the malware family by name.
Prevalence in PyPI community
Top 100: 0 packages
Top 1k: 0 packages
Top 10k: 7 packages
Community: 13959 packages
Next steps
Investigate the build and release environment for software supply chain compromise.
Avoid using this software package.
Detected presence of malicious files through file reputation or third-party scanners.
Causes risk: malicious components found
threats
Problem
Third-party malware detection algorithms have determined that the software package contains one or more malicious files. The detection was made by a hash-based file reputation lookup. This malware detection method is considered accurate, and can typically identify the malware family by name.
Prevalence in PyPI community
Top 100: 0 packages
Top 1k: 1 package
Top 10k: 18 packages
Community: 795 packages
Next steps
If the software intent does not relate to malicious behavior, investigate the build and release environment for software supply chain compromise.
Avoid using this software package.
Detected Windows executable files with imported functions susceptible to pointer hijacking.
Causes risk: execution hijacking concerns
hardening
Problem
Sensitive executable memory regions should be kept as read-only to protect the integrity of trusted execution code flow paths. Imported function addresses are pointers to the symbols that implement the application-required functionality. If those pointers are changed by malicious code, execution paths can be redirected to unintended locations. Most modern programming language toolchains protect those memory regions appropriately. These issues are commonly reported for outdated linkers and non-compliant executable packing solutions.
Prevalence in PyPI community
Top 100: 14 packages
Top 1k: 22 packages
Top 10k: 138 packages
Community: 3863 packages
Next steps
Review the programming language linker options, and consider a build toolchain update.
Top behaviors
Retrieves the name of the user associated with the process.
search
Prevalence in PyPI community
Behavior uncommon for this community (Uncommon)
Top 100: 0 packages
Top 1k: 13 packages
Top 10k: 82 packages
Community: 1822 packages
Retrieves the local computer name.
search
Prevalence in PyPI community
Behavior uncommon for this community (Uncommon)
Top 100: 1 package
Top 1k: 14 packages
Top 10k: 102 packages
Community: 2098 packages
Executes a file.
execution
Prevalence in PyPI community
Behavior often found in this community (Common)
Top 100: 34 packages
Top 1k: 169 packages
Top 10k: 1256 packages
Community: 55955 packages
Takes screenshots.
monitor
Prevalence in PyPI community
Behavior uncommon for this community (Uncommon)
Top 100: 1 package
Top 1k: 3 packages
Top 10k: 35 packages
Community: 1105 packages
Loads the kernel32.dll dynamic link library.
execution
Prevalence in PyPI community
Behavior often found in this community (Common)
Top 100: 16 packages
Top 1k: 86 packages
Top 10k: 341 packages
Community: 7700 packages
Top vulnerabilities
No vulnerabilities found.