Igor Kuznetsov

Chief Security Researcher, Kaspersky

About the speaker

Igor joined Kaspersky in 2001 as a Virus Analyst. In 2009, he was appointed to the position of Infrastructure Group Manager, where he led the development of the infrastructure for processing and detection of spam messages in the Anti-Spam division.

In 2011, Igor joined the Global Research & Analysis Team at Kaspersky as a Malware Expert. In 2013, he became the Principal Security Researcher on the team, and now he is the Chief Security Researcher. Igor specializes in investigating malware campaigns and reverse engineering advanced malware.

Igor is a graduate of Moscow State Institute of Radio Engineering, Electronics, and Automation. He holds a master’s in Computing Machines, Complexes, Systems, and Networks.

August 26

Building software on top of open‑source libraries and packages has become the norm. Modern languages and frameworks such as Python, Node.js, Go, and Rust encourage developers to just “download and execute” whatever is offered by third‑party repositories without thinking much about the consequences.

The latest incidents with packages like node‑ipc and CTX show that these consequences may be quite severe, and these are just the cases we know about.

This talk will describe an automated system that the researchers built for monitoring and searching for malicious changes in npm, PyPI, and Crates packages, along with the challenges they faced and their solutions. The speakers will present the current results and the most interesting discoveries detected in the repositories.