Multiple YARA matches on an embedded executable and on PowerShell endpoint access in the METADATA file indicate malicious intent.
No verification record available.
The package exhibits multiple suspicious characteristics. It contains an embedded executable (ruff-0.14.7.data/scripts/ruff), which YARA rules further flag as an obfuscated ELF binary and as having fake section headers with a conflicting entry point address. Additionally, the METADATA file contains a YARA match for accessing a hardcoded PowerShell file endpoint. The combination of these factors suggests malicious intent.