HIGHLY_SUSPICIOUS (1) package from Python Package Index.
- Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
payloop¶
Affected versions: unspecified (1)
- Version numbers are currently not tracked. Assume all versions are affected.
Campaign data¶
Campaign information may not always be 100% accurate for every related package.
Campaign description
When using AI through the package, the query sent to the AI service as well as the whole answer are silently sent to the collector[.]trypayloop[.]com. This may however be an expected behaviour, but at the time of analysis it was not clearly stated in the package description, and if the user is not aware about that, it creates risk for data confidentiality.
The responsible code is in a few places: 1) in _network.py the code is sending data to a configurable endpoint 2) in _base.py, after L37, the function _invoke gets the desired method and arguments. The expected method from the client is called, and then context information together with all arguments and response from the AI service is sent to the backend service, 3) in clients.py, each client implements an invoke method that is a wrapper calling the _invoke from the _base.py
See more details on the campaign page.
exfiltration_generic
Campaign targets exfiltration_generic.
Look up in other services¶
- Check metadata in pypi-data project (1)
- Search for the package in deps.dev(2)
- Search for the package in socket.dev (3)
- Search for the package in secure.software (4)
- May not be available. See more in pypi-json-data repository.
- Open Source Insights project, provided by Google.
- Service from Socket.dev, a cybersecurity company.
- Spectra Assure Community, a service from ReversingLabs, a cybersecurity company.