Collects and exfiltrates sensitive system information to suspicious domains. Multiple YARA rules are triggered. High entropy file. Extension mismatch.
No verification record available.
The package exhibits multiple strong indicators of malicious behavior. Both index.js and setup.py collect and exfiltrate sensitive system information (hostname, username, current directory, DNS servers, package information) to suspicious oastify.com domains. The LLM-based analysis confirms this exfiltration and flags the hostnames as suspicious. Additionally, the YARA rules nodejs_phone_home, nodejs_phone_home_interact_sh, burp_collab, and pysetup_gets_login are triggered, further supporting the malicious assessment. The file dependency1337-1.0.0.tar.gz has very high entropy, and the extension of dependency1337-1.0.0-py3-none-any.whl does not match its content; both of these are also suspicious.