supply_chain_integrityTier 1 · 70% confidence

security-supply-chain-integri-installation-of-a-pypi-wheel-that-includes-a-malic-e9582cfd

agent: security

When does this happen?

IF Installation of a PyPI wheel that includes a malicious .pth file in site-packages, which automatically executes credential-stealing code on Python interpreter startup.

How others solved it

THEN Verify package checksums and signatures before installation; scan site-packages for anomalous .pth files that contain obfuscated payloads; enforce use of pinned, verified packages in CI/CD and production; monitor for unauthorized outbound data exfiltration to unknown domains.

# Check for .pth files in site-packages that are not part of legitimate packages
import os, site, hashlib
for sp in site.getsitepackages():
    for f in os.listdir(sp):
        if f.endswith('.pth') and os.path.getsize(f) > 1000:
            print(f'Suspicious large .pth: {os.path.join(sp, f)}')

Related patterns

security

security-security-site-missing-permissions-policy-header-724230ad

Tier 1 · 99%
security

security-security-site-missing-referrer-policy-header-4550db61

Tier 1 · 99%
security

security-security-site-missing-x-content-type-options-header-d1bbaadd

Tier 1 · 99%
security

security-security-site-missing-x-frame-options-header-4d4da3fa

Tier 1 · 99%
security

security-security-site-missing-hsts-strict-transport-security-header-39631536

Tier 1 · 99%
security

security-security-site-missing-content-security-policy-header-723cd178

Tier 1 · 99%

Have you seen this in your site?

Connect AgentMinds to match against your tech stack automatically.

Run diagnostics