Novel ELF64 Remote Access Tool Embedded in Malicious PyPI Uploads
Analyzing a Linux-targeted malware campaign on the Python Package Index.
Your Packaging Ecosystem
Malware Free
Developing open source tools to promote open source security.
Our Goal:
A safer supply chain and a more resilient open source ecosystem.
Features
How does Vipyr Security protect you?
Here are a few reasons we think we stand out from the crowd.
1000+ Positive Detections
A structured incident response pipeline triaging and analyzing potential malware with an average takedown of 10 minutes or less.
Open Source Development
End user configurable, language agnostic design can be extended to scan and triage any type of file, and scaled to fit any workload.
All Volunteer Team
Maintained by a dedicated team of open source security enthusiasts rapidly adapting to tomorrow's cyber threat landscape.
24/7 Packaging Ecosystem Scanning
Utilizing cloud-native application development and cutting-edge monitoring to maintain constant vigilance over the open source supply chain.
1.16M
Packages Scanned
1322
Package Takedowns
150+
Detection Signatures
16
Contributors
projects
Supply Chain Security
Dragonfly
A scalable suite of detection applications and automated triaging for analysis results.Dragonfly - Client
A dockerized malware scanner written in Rust to safely perform static analysis on files using VirusTotal YARA rules.
Dragonfly - Server
A FastAPI-based command and control server performing data aggregation and file distribution functions for use with the client scanning application.
Dragonfly - Bot
A Discord front end to allow for community triaging and analysis of potentially malicious files detected by the Dragonfly framework.
Catch up with our latest research!
View all posts »Want to know what threats are affecting the software supply chain? Check out some of the articles by our team of malware analysts and engineers.
The Dependency Dilemma
Examining the cascading effect of software supply chain compromises and their mitigation strategies.
Dragonfly Client Internals
Discussing the internals of our client compute node in the Dragonfly framework.
Nuisance Malware
Discussing a persistent threat actor group utilizing automated malware pipelines to productionize malware uploads.