Python-Community-News / Topics

Submit topics to PCN to be covered on the Show
MIT License

PyPI malware creators are starting to employ Anti-Debug techniques #100

Closed kjaymiller closed 1 year ago

kjaymiller commented 1 year ago

URL

https://jfrog.com/blog/pypi-malware-creators-are-starting-to-employ-anti-debug-techniques/

When was this post released

13 Dec 2022

Summary

Most PyPI malware today tries to avoid static detection using various techniques: starting from primitive variable mangling to sophisticated code flattening and steganography techniques.

Use of these techniques makes the package extremely suspicious, but it does prevent novice researchers from understanding the exact operation of the malware using static analysis tools.

JFrog recently discovered the cookiezlog package which seemed to "employ Anti-debugging code (designed to thwart dynamic analysis tools) in addition to regular obfuscation tools and techniques. This is the first time our research team (or any publication) have spotted these kinds of defenses in PyPI malware."

kjaymiller commented 1 year ago

going to be a part of a bigger security conversation - #102