chainguard-dev / malcontent

detect malicious program behaviors
Apache License 2.0

Improve detection of Python attacks similar to 'yocolor' #427

Closed tstromberg closed 1 month ago

tstromberg commented 1 month ago

See https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/

tstromberg commented 1 month ago

I'm working out how to add tests now...

egibs commented 1 month ago

Sample merge conflicts are so painful.

What I've been doing in these instances is a git pull origin main -X theirs and then extracting the samples, refreshing the data, and then re-archiving the samples.

I really want to fix this workflow soon.