Skip to content

PROBABLY_PENTEST (1) campaign cataloged at 2024-10-08(2).

  1. Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, research & co, with clearly low-harm possibilities.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2024-10-old-fake-usreagant

Package imitates the legitimate fake-useragent, however it has a few suspicious additions: fake.py L149 calls a function from 'urllib2' module, which contains a code attempting to JSON-deserialize encoded code. This is a pickle executing os.system(id), which of course isn't executed by json.loads, but would be by pickle. Also: action is suspicious, not really malicious, but the package is a clear typosquatting attempt.

Abuse categories

action-hidden-in-lib-usage

Campaign uses action-hidden-in-lib-usage.

clons_real_package

The package is a clone of a real package, but with malicious code added.

dependency-confusion

Campaign uses dependency-confusion.

typosquatting

Campaign uses typosquatting.

Packages in the campaign

campaign:2024-10-old-fake-usreagant