PyFEX: Uncovering Evasive Python-based Threats via Resilient and Exhaustive Path Exploration
Pith reviewed 2026-06-28 13:55 UTC · model grok-4.3
The pith
A forced-execution engine called PyFEX reveals malicious Python code hidden by evasion checks and missing dependencies that defeat standard analysis tools.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
PyFEX is a resilient forced-execution engine for Python that systematically forces execution across all conditional branches to bypass evasion, synthesizes dummy objects for crash recovery to continue past errors, merges paths to control explosion, and automatically identifies and invokes dormant functions to expose hidden malicious logic.
What carries the argument
The resilient crash recovery mechanism, which synthesizes dummy objects to satisfy failed operations at runtime and allow analysis to proceed.
If this is right
- Existing state-of-the-art tools miss critical malicious behaviors that PyFEX exposes.
- Live deployment on PyPI can discover unknown malicious packages with significant download counts.
- Analysis of both source packages and compiled binaries becomes possible despite environmental guardrails.
- Malicious logic hidden in uncalled APIs can be exposed through automated entry identification.
Where Pith is reading between the lines
- Similar resilient execution techniques could be adapted for other scripting languages facing supply-chain attacks.
- The volume of downloads from the discovered packages indicates that such threats can reach many users before detection.
- Integrating this approach into package repositories could proactively flag suspicious uploads.
Load-bearing premise
Creating dummy objects to handle failed operations during execution does not alter the program's malicious semantics or produce misleading analysis results.
What would settle it
Observing a malicious package where the dummy object synthesis leads to execution paths that do not reflect the true behavior, causing either missed malicious indicators or incorrect detections.
Original abstract
The rapid expansion of the Python ecosystem has fueled two distinct but converging threats: adversaries increasingly target the software supply chain via the Python Package Index (PyPI), while also building evasive, cross-platform malicious binaries compiled from source code written in Python. Current program analysis techniques struggle to address this dual threat. Static-analysis-based tools are often blinded by runtime obfuscation and compiled bytecode, while dynamic-analysis-based ones are fragile, prone to evasion by environmental guardrails, and often terminate prematurely due to unsatisfied dependencies. To overcome these limitations, we present PyFEX, a resilient forced-execution engine. PyFEX explores a program's behavioral space systematically by forcing execution across all conditional branches to bypass evasion checks. To address the fragility of dynamic execution, it introduces a novel resilient crash recovery mechanism that synthesizes dummy objects to satisfy failed operations at runtime, allowing analysis to proceed past fatal errors, and employs path merging to mitigate path explosion. PyFEX further incorporates an automated entry identification mechanism that proactively discovers and invokes dormant functions, exposing malicious logic hidden within uncalled APIs. To demonstrate the efficacy of this engine, we built PyFEXScan, a proof-of-concept malware detector on top of PyFEX. Evaluated against both known malicious PyPI packages and real-world compiled binaries, PyFEX exposes critical behaviors missed by existing state-of-the-art tools. In a live deployment on PyPI, PyFEXScan discovered 212 previously unknown malicious packages accounting for over 91,648 downloads, underscoring the necessity of resilient, exhaustive analysis for securing the Python ecosystem.
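The four mechanisms named in the core claim and the abstract (forcing both sides of every conditional, synthesising dummy objects so execution survives missing dependencies and failed statements, merging paths to bound exploration, and invoking functions the program never calls) can be sketched in a small engine. The code below is an added example written for this page; it is not the paper's code and is much simpler than PyFEX as the abstract describes it: crash recovery here works per top-level statement only, and path merging is just deduplication of forced-decision prefixes. Everything in it (`Engine`, `Dummy`, `SINKS`, the sample script and its `totally_missing_helper` module) is constructed for the illustration; the three sink functions are swapped for recording stubs with `unittest.mock`, so no command, process or network request is ever issued.

```python
import ast
import builtins
from contextlib import ExitStack, suppress
from functools import partial
from unittest import mock

SINKS = {"os.system", "subprocess.Popen", "urllib.request.urlopen"}  # recorded, never performed


class Dummy:  # synthesised stand-in for a missing module or a value whose producer crashed
    def __getattr__(self, name): return self
    def __call__(self, *a, **k): return self
    def __repr__(self): return "<dummy>"


class _Instrumenter(ast.NodeTransformer):
    counter = 0

    def visit_If(self, node):                  # every `if` asks the engine which way to go
        self.generic_visit(node)
        node.test = ast.Call(ast.Name("__pyfex_branch", ast.Load()),
                             [ast.Constant(self.counter), node.test], [])
        self.counter += 1
        return node

    def visit_FunctionDef(self, node):         # every function reports that it was entered
        self.generic_visit(node)
        enter = ast.Call(ast.Name("__pyfex_enter", ast.Load()), [ast.Constant(node.name)], [])
        node.body.insert(0, ast.Expr(enter))
        return node


class Engine:
    def __init__(self, source):
        tree = ast.fix_missing_locations(_Instrumenter().visit(ast.parse(source)))
        self.stmts = [(s, compile(ast.Module([s], []), "<sample>", "exec")) for s in tree.body]
        self.entries = [s.name for s in tree.body if isinstance(s, ast.FunctionDef)]
        self.behaviors, self.missing, self.paths_run = set(), set(), 0
        self.builtins = dict(vars(builtins), __import__=self._import)

    def _import(self, name, *args, **kwargs):
        try:
            return builtins.__import__(name, *args, **kwargs)
        except ImportError:                    # unsatisfied dependency -> Dummy module
            self.missing.add(name)
            return Dummy()

    def _record(self, dotted, *args, **kwargs):   # stands in for a sink: log the call
        self.behaviors.add(f"{dotted}({', '.join(map(repr, args))})")
        return Dummy()

    def _branch(self, bid, natural):
        i = len(self.trace)                    # replay the forced prefix, then go natural
        taken = self.decisions[i] if i < len(self.decisions) else bool(natural)
        self.trace.append((bid, taken))
        return taken

    def _run(self, decisions):
        self.decisions, self.trace, self.called = decisions, [], set()
        env = {"__builtins__": self.builtins, "__pyfex_branch": self._branch,
               "__pyfex_enter": self.called.add}
        for stmt, code in self.stmts:          # per-statement code objects: a crash loses one statement
            try:
                exec(code, env)
            except BaseException:              # crash recovery: bind a Dummy and keep going
                for target in getattr(stmt, "targets", []):
                    if isinstance(target, ast.Name):
                        env[target.id] = Dummy()
        for name in self.entries:              # entry identification: invoke dormant functions
            fn = env.get(name)
            if name not in self.called and hasattr(fn, "__code__"):
                with suppress(BaseException):
                    fn(*[Dummy()] * fn.__code__.co_argcount)

    def explore(self, max_paths=64):           # bounded breadth-first forced execution
        worklist, seen = [()], set()
        with ExitStack() as stack:             # sinks are stubbed only while exploring
            for dotted in SINKS:
                stack.enter_context(mock.patch(dotted, partial(self._record, dotted)))
            while worklist and self.paths_run < max_paths:
                decisions = worklist.pop(0)
                if decisions in seen:          # path merging: same forced prefix, same path
                    continue
                seen.add(decisions)
                self._run(decisions)
                self.paths_run += 1
                for i in range(len(decisions), len(self.trace)):   # schedule the untaken side
                    worklist.append(tuple(t for _, t in self.trace[:i]) + (not self.trace[i][1],))
        return sorted(self.behaviors)


SAMPLE = '''
import os, sys, subprocess
import totally_missing_helper as helper           # unsatisfied dependency -> Dummy
def beacon(url):
    import urllib.request
    return urllib.request.urlopen(url).read()
def install():                                    # dormant: nothing in the script calls it
    subprocess.Popen(["sh", "-c", "echo installed"])
cfg = helper.load_config("config.json")           # survives because helper is a Dummy
marker = open("/nonexistent/pyfex-marker").read()   # raises; marker becomes a Dummy
if sys.platform == "plan9" and not os.path.exists("/sandbox-marker"):   # evasion guard
    beacon("http://example.invalid/ping")
    os.system("echo stage2")
'''
```

`Engine(SAMPLE).explore()` returns four recorded sink calls. A plain run of the sample would see none of them: the `open()` call raises before the guarded block, and the guard itself is false on any host whose `sys.platform` is not `plan9`. Forcing the guard exposes the beacon and the `os.system` call, invoking the dormant `install` function exposes the `subprocess.Popen`, and `missing` records the unsatisfied dependency for the analyst. The referee's concern above applies here in miniature: the `urlopen(<dummy>)` entry is an artifact of calling `beacon` with a synthesised argument, which is exactly the kind of dummy-induced observation a detector built on such an engine has to account for.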
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript presents PyFEX, a resilient forced-execution engine for uncovering evasive Python-based threats. It forces execution across all conditional branches to bypass evasion, uses a novel crash recovery mechanism that synthesizes dummy objects to continue past fatal errors, employs path merging to mitigate explosion, and includes automated entry identification for dormant functions. PyFEXScan, built atop PyFEX, is evaluated on known malicious PyPI packages and real-world binaries, claiming to expose behaviors missed by state-of-the-art tools. In a live PyPI deployment, it discovered 212 previously unknown malicious packages accounting for over 91,648 downloads.
Significance. If the results hold and the dummy object synthesis is shown to preserve original semantics, the work would be significant for Python ecosystem security. It addresses limitations of static and dynamic analysis for obfuscated and dependency-dependent code, potentially enabling better detection of supply chain attacks.
major comments (2)
- [Abstract] The evaluation claims positive results against known malicious packages and real-world binaries but provides no quantitative metrics, baseline comparisons, false-positive rates, or details on validation of dummy-object synthesis, undermining the ability to assess the strength of the claims.
- [Resilient crash recovery mechanism] The central claim that PyFEX exposes critical behaviors missed by SOTA and the discovery of 212 malicious packages depends on the dummy objects not introducing artifacts or changing observed behavior. No validation (e.g., comparison of behaviors with and without dummies or checks for new branches) is mentioned, which is a load-bearing assumption for the empirical results.
minor comments (1)
- The abstract could benefit from more precise terminology regarding the 'forced execution' and 'path merging' techniques to aid readers unfamiliar with the subfield.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback. We address each major comment below and will make revisions to strengthen the presentation of empirical results and validation.
Point-by-point responses
- Referee: [Abstract] The evaluation claims positive results against known malicious packages and real-world binaries but provides no quantitative metrics, baseline comparisons, false-positive rates, or details on validation of dummy-object synthesis, undermining the ability to assess the strength of the claims.
  Authors: We agree the abstract would benefit from explicit quantitative details. The full manuscript contains evaluation results in Sections 5 and 6, including the 212 new detections and comparisons to prior tools, but these are not summarized numerically in the abstract. In revision we will expand the abstract to report key metrics such as the number of packages and binaries analyzed, detection improvements over baselines, and the false-positive rate from the live PyPI deployment. We will also add a brief statement on the dummy-object validation approach. Revision: yes
- Referee: [Resilient crash recovery mechanism] The central claim that PyFEX exposes critical behaviors missed by SOTA and the discovery of 212 malicious packages depends on the dummy objects not introducing artifacts or changing observed behavior. No validation (e.g., comparison of behaviors with and without dummies or checks for new branches) is mentioned, which is a load-bearing assumption for the empirical results.
  Authors: The referee is correct that the dummy-object mechanism is load-bearing and that explicit validation is not described. The manuscript details the synthesis approach in Section 4 but does not report controlled experiments comparing runs with and without dummies. We will add a new subsection to the evaluation that performs such validation on a representative subset of packages, measuring differences in observed behaviors, introduced branches, and semantic fidelity. This will directly support the claims about exposing missed behaviors. Revision: yes
Circularity Check
No significant circularity detected; empirical claims rest on external benchmarks
Full rationale
The paper presents PyFEX as a forced-execution system with crash recovery via dummy object synthesis, path merging, and automated entry identification. No equations, fitted parameters, or first-principles derivations appear in the provided text. Central results (exposing missed behaviors, discovering 212 packages) are supported by evaluation on known malicious PyPI samples and live deployment, which constitute external data rather than self-referential inputs. No self-citation load-bearing steps, uniqueness theorems, or ansatzes are invoked to justify the core mechanisms. The derivation chain consists of system description plus empirical measurement and is therefore self-contained against external benchmarks.
Axiom & Free-Parameter Ledger
axioms (1)
- Domain assumption: Forced execution across all branches combined with dummy-object synthesis will reach and correctly classify malicious behaviors without excessive false positives or semantic distortion.
invented entities (1)
- dummy objects: no independent evidence