
arxiv: 2606.02196 · v1 · pith:O27FTQOKnew · submitted 2026-06-01 · 💻 cs.CR

PyFEX: Uncovering Evasive Python-based Threats via Resilient and Exhaustive Path Exploration

Pith reviewed 2026-06-28 13:55 UTC · model grok-4.3

classification 💻 cs.CR
keywords Python malware · forced execution · dynamic analysis · evasion bypass · PyPI supply chain · crash recovery · path exploration

The pith

A forced-execution engine called PyFEX reveals malicious Python code hidden by evasion checks and missing dependencies that defeat standard analysis tools.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

PyFEX addresses the challenges in detecting malicious Python packages on PyPI and compiled binaries by using forced execution to explore all possible paths in the code. It incorporates mechanisms to recover from crashes that would normally stop analysis and to automatically invoke functions that are not called during normal execution. This allows it to uncover behaviors that static tools cannot see due to obfuscation and that dynamic tools miss because they terminate early or are evaded. The authors demonstrate its use in PyFEXScan, which found hundreds of previously unknown malicious packages in a live scan of PyPI.

Core claim

PyFEX is a resilient forced-execution engine for Python that systematically forces execution across all conditional branches to bypass evasion, synthesizes dummy objects for crash recovery to continue past errors, merges paths to control explosion, and automatically identifies and invokes dormant functions to expose hidden malicious logic.

What carries the argument

The resilient crash recovery mechanism, which synthesizes dummy objects to satisfy failed operations at runtime and allow analysis to proceed.

If this is right

  • Existing state-of-the-art tools miss critical malicious behaviors that PyFEX exposes.
  • Live deployment on PyPI can discover unknown malicious packages with significant download counts.
  • Analysis of both source packages and compiled binaries becomes possible despite environmental guardrails.
  • Malicious logic hidden in uncalled APIs can be exposed through automated entry identification.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar resilient execution techniques could be adapted for other scripting languages facing supply-chain attacks.
  • The volume of downloads from the discovered packages indicates that such threats can reach many users before detection.
  • Integrating this approach into package repositories could proactively flag suspicious uploads.

Load-bearing premise

Creating dummy objects to handle failed operations during execution does not alter the program's malicious semantics or produce misleading analysis results.

What would settle it

Observing a malicious package where the dummy object synthesis leads to execution paths that do not reflect the true behavior, causing either missed malicious indicators or incorrect detections.
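
As an added illustration (not code from the paper or from PyFEX), the sketch below approximates the crash-recovery idea at Python statement level, whereas the page describes PyFEX as working inside the bytecode evaluation loop. `Synthetic`, `run_resilient`, the helper functions, the sample script and the `acme_missing_sdk` module name are all constructed for this example; it also records every branch decided by a dummy value, which is the kind of check the load-bearing premise and the "what would settle it" test call for.

```python
import ast
import builtins

class Synthetic:
    """Dummy value that absorbs attribute access, calls and truth tests."""

    def __init__(self, origin, trace):
        self._origin, self._trace = origin, trace

    def __repr__(self):
        return f"<synthetic {self._origin}>"

    def __getattr__(self, name):
        if name.startswith("__"):  # leave protocol probes (copy, pickle) alone
            raise AttributeError(name)
        return Synthetic(f"{self._origin}.{name}", self._trace)

    def __call__(self, *args, **kwargs):
        self._trace.append(("call", self._origin, [repr(a) for a in args]))
        return Synthetic(f"{self._origin}()", self._trace)

    def __bool__(self):
        # A fabricated value is steering control flow: record it so forced
        # behaviour can be told apart from behaviour observed on real data.
        self._trace.append(("synthetic-branch", self._origin))
        return True

def run_resilient(source):
    """Run `source` one top-level statement at a time, recovering from crashes."""
    trace = []
    real_import = builtins.__import__

    def import_hook(name, globals=None, locals=None, fromlist=(), level=0):
        try:
            return real_import(name, globals, locals, fromlist, level)
        except ImportError:  # unsatisfied dependency: hand back a dummy module
            trace.append(("recovered-import", name))
            return Synthetic(name, trace)

    # The hook is visible only to the analysed code, not to the analyser itself.
    env = {"__builtins__": {**vars(builtins), "__import__": import_hook}}
    for stmt in ast.parse(source).body:
        code = compile(ast.Module(body=[stmt], type_ignores=[]), "<sample>", "exec")
        try:
            exec(code, env)
        except Exception as exc:
            origin = f"{type(exc).__name__}@line{stmt.lineno}"
            trace.append(("recovered-crash", origin))
            if isinstance(stmt, ast.Assign):  # bind the failed result to a dummy
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        env[target.id] = Synthetic(origin, trace)
    return trace

def fabricated_branches(trace):
    """Origins of dummy values whose truthiness decided a branch."""
    return [e[1] for e in trace if e[0] == "synthetic-branch"]

def unconfirmed_calls(trace):
    """Calls seen only after a dummy decided a branch; treat as unverified."""
    kinds = [e[0] for e in trace]
    if "synthetic-branch" not in kinds:
        return []
    return [(e[1], e[2]) for e in trace[kinds.index("synthetic-branch"):] if e[0] == "call"]

# Constructed sample: a missing dependency, a missing file, and a guarded call.
SAMPLE = """\
import acme_missing_sdk
settings = open("/nonexistent/pyfex-demo/settings.cfg").read()
if acme_missing_sdk.is_enabled():
    acme_missing_sdk.upload(settings.strip())
"""

if __name__ == "__main__":
    for event in run_resilient(SAMPLE):
        print(event)
```

On the sample, the `upload` call appears only after a branch decided by a dummy value, so a detector built on such a trace should report it as forced rather than observed behaviour.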

Figures

Figures reproduced from arXiv: 2606.02196 by Ali Abbasi, Jianqiang Wang, Liwei Guo, Majid Garoosi, Meng Wang, Wenting Fan, Yue Ma.

Figure 1: Overview of PyFEX

… anti-parser techniques or syntax errors [2, 50], bytecode instrumentation operates on the definitive, low-level instructions executed by the Python Virtual Machine (PVM). This renders our analysis opaque to the malware and compatible with obfuscated or compiled code where AST reconstruction is unreliable. Specifically, we modified the C-level bytecode evaluation loop to intercept control…

Figure 2: Nodestealer Forced Execution of One Conditional

Figure 3: VBucks Malware: Trace Property

… an attempt to read a Discord token file was processed by several functions and ultimately sent to an external server. By synthesizing objects to satisfy otherwise-crashing operations, PyFEX uncovers logic contingent on data from unavailable sources. Simultaneously, the propagation of Synthetic Objects with detailed provenance tracking preserves a rich semantic trace of all co…

The rapid expansion of the Python ecosystem has fueled two distinct but converging threats: adversaries increasingly target the software supply chain via the Python Package Index (PyPI), while also building evasive, cross-platform malicious binaries compiled from source code written in Python. Current program analysis techniques struggle to address this dual threat. Static analysis based tools are often blinded by runtime obfuscation and compiled bytecode, while dynamic analysis based ones are fragile, prone to evasion by environmental guardrails, and often terminate prematurely due to unsatisfied dependencies. To overcome these limitations, we present PyFEX, a resilient forced-execution engine. PyFEX explores a program's behavioral space systematically by forcing execution across all conditional branches to bypass evasion checks. To address the fragility of dynamic execution, it introduces a novel resilient crash recovery mechanism that synthesizes dummy objects to satisfy failed operations at runtime, allowing analysis to proceed past fatal errors, and employs path merging to mitigate path explosion. PyFEX further incorporates an automated entry identification mechanism that proactively discovers and invokes dormant functions, exposing malicious logic hidden within uncalled APIs. To demonstrate the efficacy of this engine, we built PyFEXScan, a proof-of-concept malware detector built on top of PyFEX. Evaluated against both known malicious PyPI packages and real-world compiled binaries, PyFEX exposes critical behaviors missed by the existing state-of-the-art tools. In a live deployment on PyPI, PyFEXScan discovered 212 previously unknown malicious packages accounting for over 91,648 downloads, underscoring the necessity of resilient, exhaustive analysis for securing the Python ecosystem.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript presents PyFEX, a resilient forced-execution engine for uncovering evasive Python-based threats. It forces execution across all conditional branches to bypass evasion, uses a novel crash recovery mechanism that synthesizes dummy objects to continue past fatal errors, employs path merging to mitigate explosion, and includes automated entry identification for dormant functions. PyFEXScan, built atop PyFEX, is evaluated on known malicious PyPI packages and real-world binaries, claiming to expose behaviors missed by state-of-the-art tools. In a live PyPI deployment, it discovered 212 previously unknown malicious packages accounting for over 91,648 downloads.

Significance. If the results hold and the dummy object synthesis is shown to preserve original semantics, the work would be significant for Python ecosystem security. It addresses limitations of static and dynamic analysis for obfuscated and dependency-dependent code, potentially enabling better detection of supply chain attacks.

major comments (2)
  1. [Abstract] The evaluation claims positive results against known malicious packages and real-world binaries but provides no quantitative metrics, baseline comparisons, false-positive rates, or details on validation of dummy-object synthesis, undermining the ability to assess the strength of the claims.
  2. [Resilient crash recovery mechanism] The central claim that PyFEX exposes critical behaviors missed by SOTA and the discovery of 212 malicious packages depends on the dummy objects not introducing artifacts or changing observed behavior. No validation (e.g., comparison of behaviors with and without dummies or checks for new branches) is mentioned, which is a load-bearing assumption for the empirical results.
minor comments (1)
  1. The abstract could benefit from more precise terminology regarding the 'forced execution' and 'path merging' techniques to aid readers unfamiliar with the subfield.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback. We address each major comment below and will make revisions to strengthen the presentation of empirical results and validation.

  1. Referee: [Abstract] The evaluation claims positive results against known malicious packages and real-world binaries but provides no quantitative metrics, baseline comparisons, false-positive rates, or details on validation of dummy-object synthesis, undermining the ability to assess the strength of the claims.

    Authors: We agree the abstract would benefit from explicit quantitative details. The full manuscript contains evaluation results in Sections 5 and 6, including the 212 new detections and comparisons to prior tools, but these are not summarized numerically in the abstract. In revision we will expand the abstract to report key metrics such as the number of packages and binaries analyzed, detection improvements over baselines, and the false-positive rate from the live PyPI deployment. We will also add a brief statement on the dummy-object validation approach. revision: yes

  2. Referee: [Resilient crash recovery mechanism] The central claim that PyFEX exposes critical behaviors missed by SOTA and the discovery of 212 malicious packages depends on the dummy objects not introducing artifacts or changing observed behavior. No validation (e.g., comparison of behaviors with and without dummies or checks for new branches) is mentioned, which is a load-bearing assumption for the empirical results.

    Authors: The referee is correct that the dummy-object mechanism is load-bearing and that explicit validation is not described. The manuscript details the synthesis approach in Section 4 but does not report controlled experiments comparing runs with and without dummies. We will add a new subsection to the evaluation that performs such validation on a representative subset of packages, measuring differences in observed behaviors, introduced branches, and semantic fidelity. This will directly support the claims about exposing missed behaviors. revision: yes

Circularity Check

0 steps flagged

No significant circularity detected; empirical claims rest on external benchmarks


The paper presents PyFEX as a forced-execution system with crash recovery via dummy object synthesis, path merging, and automated entry identification. No equations, fitted parameters, or first-principles derivations appear in the provided text. Central results (exposing missed behaviors, discovering 212 packages) are supported by evaluation on known malicious PyPI samples and live deployment, which constitute external data rather than self-referential inputs. No self-citation load-bearing steps, uniqueness theorems, or ansatzes are invoked to justify the core mechanisms. The derivation chain consists of system description plus empirical measurement and is therefore self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 1 invented entities

The central claim rests on the unstated premise that dummy-object synthesis during crash recovery does not materially alter program semantics. No free parameters or additional invented entities beyond the dummy objects are described in the abstract.

axioms (1)
  • domain assumption: Forced execution across all branches combined with dummy-object synthesis will reach and correctly classify malicious behaviors without excessive false positives or semantic distortion.
    Invoked to justify why the engine can proceed past fatal errors and still expose real threats.
invented entities (1)
  • dummy objects (no independent evidence)
    purpose: Satisfy failed operations at runtime to allow analysis to continue past crashes
    New mechanism introduced to address fragility of dynamic execution; no independent evidence outside the paper is provided in the abstract.

pith-pipeline@v0.9.1-grok · 5841 in / 1358 out tokens · 21163 ms · 2026-06-28T13:55:59.399216+00:00 · methodology


Reference graph

Works this paper leans on

57 extracted references · 3 canonical work pages

  [1] Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, and Christopher Kruegel. 2020. When malware is packin’ heat; limits of machine learning classifiers based on static analysis features. In Network and Distributed System Security Symposium. Internet Society

  [2] Ali Ahad, Chijung Jung, Ammar Askar, Doowon Kim, Taesoo Kim, and Yonghwi Kwon. 2023. Pyfet: forensically equivalent transformation for python binary decompilation. In 2023 IEEE Symposium on Security and Privacy (SP), 3296–3313

  [3] Akira Stealer : An Undetected Python Based Info-stealer - CYFIRMA — cyfirma.com

  [4] Theodoros Apostolopoulos, Vasilios Koutsokostas, Nikolaos Totosis, Constantinos Patsakis, and Georgios Smaragdakis. 2025. Coding malware in fancy programming languages for fun and profit. In Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy (CODASPY ’25). Association for Computing Machinery, Pittsburgh, PA, USA, 18–29

  [5] Stefan Bucur, Johannes Kinder, and George Candea. 2014. Prototyping symbolic execution engines for interpreted languages. In Proceedings of the 19th international conference on Architectural support for programming languages and operating systems, 239–254

  [6] Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2019. Bert: pre-training of deep bidirectional transformers for language understanding. In Proceedings of the 2019 conference of the North American chapter of the association for computational linguistics: human language technologies, volume 1 (long and short papers), 4171–4186

  [7] Ruian Duan, Omar Alrawi, Ranjita Pai Kasturi, Ryan Elder, Brendan Saltaformaggio, and Wenke Lee. 2021. Towards measuring supply chain attacks on package managers for interpreted languages. In 28th Annual Network and Distributed System Security Symposium, NDSS. (Feb. 2021). https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-1_23055_paper.pdf

  [8] Tushar Subhra Dutta. New Python-Based PXA Stealer Via Telegram Stolen 200,000 Unique Passwords and Hundreds of Credit Cards — cybersecuritynews.com

  [9] Fraunhofer FKIE. Pbot (Malware Family) — malpedia.caad.fkie.fraunhofer.de

  [10] Fraunhofer FKIE. PyLocky (Malware Family) — malpedia.caad.fkie.fraunhofer.de

  [11] FrontPage - py2exe.org — py2exe.org.

  [12] Kai Gao, Weiwei Xu, Wenhao Yang, and Minghui Zhou. 2024. Pyradar: towards automatically retrieving and validating source code repository information for pypi packages. Proceedings of the ACM on Software Engineering, 1, FSE, 2608–2631

  [13] Xingan Gao, Xiaobing Sun, Sicong Cao, Kaifeng Huang, Di Wu, Xiaolei Liu, Xingwei Lin, and Yang Xiang. 2025. Malguard: towards real-time, accurate, and actionable detection of malicious packages in pypi ecosystem. arXiv: 2506.14466 [cs.CR]. https://arxiv.org/abs/2506.14466

  [14] GitHub - dashingsoft/pyarmor: A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts. — github.com

  [15] GitHub - DataDog/guarddog: :snake: GuardDog is a CLI tool to Identify malicious PyPI and npm packages — github.com

  [16] GitHub - lyvd/bandit4mal: A fork of Bandit tool with patterns to identifying malicious python code. — github.com

  [17] GitHub - ossf/package-analysis: Open Source Package Analysis — github.com

  [18] Wenbo Guo, Chengwei Liu, Ming Kang, Yiran Zhang, Jiahui Wu, Zhengzi Xu, Vinay Sachidananda, and Yang Liu. 2026. Cutting the gordian knot: detecting malicious pypi packages via a knowledge-mining framework. arXiv preprint arXiv:2601.16463

  [19] Wenbo Guo, Zhengzi Xu, Chengwei Liu, Cheng Huang, Yong Fang, and Yang Liu. 2023. An empirical study of malicious code in pypi ecosystem. In 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 166–177

  [20] Yiheng Huang, Ruisi Wang, Wen Zheng, Zhuotong Zhou, Susheng Wu, Shulin Ke, Bihuan Chen, Shan Gao, and Xin Peng. 2024. Spiderscan: practical detection of malicious npm packages based on graph-based behavior modeling and matching. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ASE ’24). Association for Co...

  [21] Chijung Jung, Doowon Kim, Weihang Wang, Yunhui Zheng, Kyu Hyung Lee, and Yonghwi Kwon. 2022. Defeating program analysis techniques via ambiguous translation. In Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE ’21). IEEE Press, Melbourne, Australia, 1382–1387

  [22] Mayura Kathir. APT37 Deploys New Rust and Python Malware Targeting Windows Systems — gbhackers.com

  [23] Kyungtae Kim, I Luk Kim, Chung Hwan Kim, Yonghwi Kwon, Yunhui Zheng, Xiangyu Zhang, and Dongyan Xu. 2017. J-force: forced execution on javascript. In Proceedings of the 26th international conference on World Wide Web, 897–906

  [24] Ningke Li, Shenao Wang, Mingxi Feng, Kailong Wang, Meizhen Wang, and Haoyu Wang. 2023. Malwukong: towards fast, accurate, and multilingual detection of malicious code poisoning in oss supply chains. In 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 1993–2005

  [25] Penghui Li, Wei Meng, Mingxue Zhang, Chenlin Wang, and Changhua Luo

  [26] Holistic concolic execution for dynamic web applications via symbolic interpreter analysis. In 2024 IEEE Symposium on Security and Privacy (SP), 222–238

  [27] Wentao Liang, Xiang Ling, Jingzheng Wu, Tianyue Luo, and Yanjun Wu. 2023. A needle is an outlier in a haystack: hunting malicious pypi packages with code clustering. In 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 307–318

  [28] Malware Package Analysis: aiocpa - The Python Package Index Blog — blog.pypi.org

  [29] Microsoft. 2020. Ossgadget. https://github.com/microsoft/OSSGadget

  [30] Abbas Naderi-Afooshteh, Yonghwi Kwon, Anh Nguyen-Tuong, Ali Razmjoo-Qalaei, Mohammad-Reza Zamiri-Gourabi, and Jack W. Davidson. 2019. Malmax: multi-aspect execution for automated dynamic web server malware analysis. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS ’19). Association for Computing Machinery, L...

  [31] The Hacker News. New VVS Stealer Malware Targets Discord Accounts via Obfuscated Python Code — thehackernews.com

  [32] Marc Ohm, Henrik Plate, Arnold Sykosch, and Michael Meier. 2020. Backstabber’s knife collection: a review of open source software supply chain attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer

  [33] Nikolaos Pantelaios and Alexandros Kapravelos. 2024. FV8: a forced execution JavaScript engine for detecting evasive techniques. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, (Aug. 2024), 3747–3764. https://www.usenix.org/conference/usenixsecurity24/presentation/pantelaios

  [34] Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-Force: Force-Executing binary programs for security applications. In 23rd USENIX Security Symposium (USENIX Security 14), 829–844

  [35] PyInstaller — pypi.org

  [36] PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion - Checkmarx — checkmarx.com

  [37] Lior Rochberger. NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts — unit42.paloaltonetworks.com

  [38] Semgrep, Inc. 2024. Semgrep: lightweight static analysis for many languages. Retrieved Apr. 15, 2025 from https://github.com/semgrep/semgrep

  [39] Ridwan Shariffdeen, Behnaz Hassanshahi, Martin Mirchev, Ali El Husseini, and Abhik Roychoudhury. 2025. Detecting python malware in the software supply chain with program analysis. In 2025 IEEE/ACM 47th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). IEEE, 203–214

  [40] strace. Strace — strace.io. https://strace.io/

  [41] Xiaobing Sun, Xingan Gao, Sicong Cao, Lili Bo, Xiaoxue Wu, and Kaifeng Huang. 2024. 1+1>2: integrating deep code behaviors with metadata features for malicious pypi package detection. In Proceedings of the 39th IEEE/ACM international conference on automated software engineering, 1159–1170

  [42] The Python Software Foundation. 2024. CPython: The Python programming language. Retrieved Apr. 15, 2025 from https://github.com/python/cpython

  [43] TIOBE Software BV. 2025. TIOBE Index (archived). (Mar. 2025). Retrieved Apr. 15, 2025 from https://web.archive.org/web/20250315003022/https://www.tiobe.com/tiobe-index/

  [44] Two more malicious Python packages in the PyPI — securelist.com

  [45] Ukraine’s army targeted in new charity-themed malware campaign — bleepingcomputer.com. https://www.bleepingcomputer.com/news/security/ukraines-army-targeted-in-new-charity-themed-malware-campaign/

  [46] UNMASKING A PYTHON STEALER - "XillenStealer" - CYFIRMA — cyfirma.com

  [47] VirusTotal. 2012. Yara. https://github.com/VirusTotal/yara

  [48] Duc-Ly Vu. 2020. A fork of bandit tool with patterns to identifying malicious python code. Retrieved September, 25, 2024

  [49] Jenna Wang. Malicious Packages Hidden in PyPI | FortiGuard Labs — fortinet.com

  [50] Gary Wassermann, Dachuan Yu, Ajay Chander, Dinakar Dhurjati, Hiroshi Inamura, and Zhendong Su. 2008. Dynamic test input generation for web applications. In Proceedings of the 2008 international symposium on Software testing and analysis, 249–260

  [51] Josh Wiedemeier, Elliot Tarbet, Max Zheng, Sangsoo Ko, Jessica Ouyang, Sang Kil Cha, and Kangkook Jee. 2025. Pylingual: toward perfect decompilation of evolving high-level languages. In 2025 IEEE Symposium on Security and Privacy (SP). IEEE, 2976–2994

  [52] Sarah (Qi) Wu and He Xu. Take it Easy, and Say Hi to This New Python Ransomware — fortinet.com

  [53] Nusrat Zahan, Philipp Burckhardt, Mikola Lysenko, Feross Aboukhadijeh, and Laurie Williams. 2025. Leveraging Large Language Models to Detect NPM Malicious Packages. In 2025 IEEE/ACM 47th International Conference on Software Engineering (ICSE). IEEE Computer Society, Los Alamitos, CA, USA, 2625–2637

  [54] Junan Zhang, Kaifeng Huang, Yiheng Huang, Bihuan Chen, Ruisi Wang, Chong Wang, and Xin Peng. 2025. Killing two birds with one stone: malicious package detection in npm and pypi using a single model of malicious behavior sequence. ACM Transactions on Software Engineering and Methodology, 34, 4, 1–28

  [55] XiangRui Zhang, XueJie Du, HaoYu Chen, Yongzhong He, Wenjia Niu, and Qiang Li. 2025. Automatically generating rules of malicious software packages via large language model. In 2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 734–747

  [56] Xinyi Zheng, Chen Wei, Shenao Wang, Yanjie Zhao, Peiming Gao, Yuanchao Zhang, Kailong Wang, and Haoyu Wang. 2024. Towards robust detection of open source software supply chain poisoning attacks in industry environments. In Proceedings of the 39th IEEE/ACM international conference on automated software engineering, 1990–2001

  [57] Steve Zurier. Python byte code used to avoid detection and load malware — scworld.com.

A Appendix A.1 Case Study A.1.1 Identified New Malware Distribution Campaign. This case study examines a PyPI supply-chain-attack campaign we name PyGet, which masqueraded as a command-line utility for downloading and executing remote binaries. The packages distribute...