On the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPI
Piergiorgio Ladisa, Serena Elisa Ponta, Nicola Ronzoni, Matías Martínez, Olivier Barais
Abstract
Current software supply chains heavily rely on open-source packages hosted in public repositories. Given the popularity of ecosystems like npm and PyPI, malicious users started to spread malware by publishing open-source packages containing malicious code.
Topics & Concepts
MalwareComputer scienceOpen sourcePopularityOperating systemSoftwareSource codeComputer securitySocial psychologyPsychologyAdvanced Malware Detection TechniquesDigital and Cyber ForensicsNetwork Security and Intrusion Detection