failIncident: Malware

Scanned:

dbgpkg

Artifact:

latest

malicious

Research

Python Debugging Toolkit

License: Permissive (MIT)

Published:

See on PyPI

SAFE Assessment

Compliance

Licenses

No license compliance issues

Secrets

No sensitive information found

Security

Vulnerabilities

No known vulnerabilities detected

Hardening

No application hardening issues

Threats

Tampering

2 malware-like behaviors found

Malware

3 supply chain attack artifacts

IMPORTANT: All versions of this package have been malicious

Latest malware incident detected:

Version: 1.3.8

INCIDENTS FOR THIS VERSION:

malware

Reported By: ReversingLabs (Researcher)

Learn more about malware detection

malware

Reported By: Community (OpenSSF)

More info

List of software behaviors discovered with static code analysis.

Info

Count

Prevalence in PyPI community

Behavior often found in this community (Common)

70 packages

found in

Top 100

472 packages

found in

Top 1k

4207 packages

found in

Top 10k

413.79k packages

in community

Contains URLs related to paste-and-share services.1

network

Prevalence in PyPI community

Behavior uncommon for this community (Uncommon)

1 packages

found in

Top 100

15 packages

found in

Top 1k

104 packages

found in

Top 10k

2.92k packages

in community

Imports the "sys" module, which provides access to system-specific parameters and functions.2

execution

Prevalence in PyPI community

Behavior often found in this community (Common)

100 packages

found in

Top 100

840 packages

found in

Top 1k

7148 packages

found in

Top 10k

332.43k packages

in community

Imports the "subprocess" module, which provides functions for creating new processes.1

execution

Prevalence in PyPI community

Behavior often found in this community (Common)

60 packages

found in

Top 100

456 packages

found in

Top 1k

3056 packages

found in

Top 10k

133.42k packages

in community

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.