Top issues
Problem
Unicode is a text encoding standard designed to support the use of text written in all of the major languages and writing systems. While most languages are written from left to right, some are written in alternative directions. To accommodate encoding text written in such languages, the Unicode standard includes a number of special characters that allow the text direction to be specified. However, changing text direction can have adverse effects on how the encoded text is displayed and interpreted. For this reason, bidirectional Unicode control characters are commonly abused by malicious actors as a means of bypassing security solutions and avoiding detection. While presence of special Unicode characters does not imply malicious intent, all of its uses in a software package should be documented and approved. One example of acceptable use for these special characters is in script files that parse, validate, and transform Unicode-encoded text.Prevalence in PyPI community
3 packages
found in
Top 100
43 packages
found in
Top 1k
281 packages
found in
Top 10k
8227 packages
in community
Next steps
Investigate reported detections as indicators of software tampering.
Consult Mitre ATT&CK documentation: T1036.002 - Masquerading: Right-to-Left Override.
Consult publicly available materials on the Trojan Source vulnerability.
Problem
Operating systems allow multiple user accounts to coexist on a single computer system. Each registered user has identity information associated with their account. At the very least, user accounts consist of a user name and an optional password. In some cases, user account data may also include personally identifiable information. Extended personal information may include user's given and last name, their email and mailing address, personal photo and their telephone number. Financially motivated attackers may seek to collect personal information for purposes of selling the private data to a third-party. Malicious code that typically exhibits these behavior traits is commonly referred to as an information stealer. While the presence of code that accesses identity information does not necessarily imply malicious intent, all of its uses in a software package should be documented and approved. Accessing identity information is a very common behavior for software packages. One example of acceptable use for such functions is verifying that the active user has purchased a software license that allows them to run the application.Prevalence in PyPI community
14 packages
found in
Top 100
94 packages
found in
Top 1k
529 packages
found in
Top 10k
17318 packages
in community
Next steps
Investigate reported detections as indicators of software tampering.
Consult Mitre ATT&CK documentation: T1033 - System Owner/User Discovery.
Top behaviors
Modifies file/directory permissions.
permissions
Prevalence in PyPI community
Behavior often found in this community (Common)
34 packages
found in
Top 100
185 packages
found in
Top 1k
1062 packages
found in
Top 10k
25867 packages
in community
Changes file ownership.
file
Prevalence in PyPI community
Behavior often found in this community (Common)
17 packages
found in
Top 100
54 packages
found in
Top 1k
426 packages
found in
Top 10k
8152 packages
in community
Prompts user for credentials.
behavior
Prevalence in PyPI community
Behavior often found in this community (Common)
8 packages
found in
Top 100
51 packages
found in
Top 1k
324 packages
found in
Top 10k
12778 packages
in community
Might contain potentially obfuscated code or data.
anomaly
Prevalence in PyPI community
Behavior often found in this community (Common)
13 packages
found in
Top 100
92 packages
found in
Top 1k
565 packages
found in
Top 10k
24963 packages
in community
Encodes data using the Base64 algorithm.
packer
Prevalence in PyPI community
Behavior often found in this community (Common)
39 packages
found in
Top 100
280 packages
found in
Top 1k
1754 packages
found in
Top 10k
67026 packages
in community
Top vulnerabilities
No vulnerabilities found.