Stanislav Rakovsky

TI Specialist, Positive Technologies Expert Security Center (PT ESC)

About the speaker

Working at PT ESC Threat Intelligence, Stanislav is responsible for malware analysis. He explores various aspects of information security related to automating the analysis of open‑source software.

August 25
12:00–13:00
Track 1
Russian

Every month, there are reports of malicious packages being found and neutralized in the PyPI, npm, and RubyGems repositories. They steal AWS tokens, payment card data, browser passwords, and other sensitive information. Open‑source projects appear to be a great opportunity for information security vendors to demonstrate their robust solutions for secure development, so malware should not go unnoticed for long. But how do things actually stand?

This study, which began in February 2022, uncovers over a hundred packages in PyPI that somehow escaped the eyes of security researchers, with the oldest package dating back to July 2018. The report explains how trojans in Python disguise themselves, what evasion methods they use, and how they are spotted by the detection system.