Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages

Abstract: The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly useful but are often incapable of dealing with obfuscated malware. Such situations lead to an unreasonably high rate of false positives. This paper highlights that dynamic analysis, rather than static analysis, provides greater insight but is also more resource-intensive for understanding software behaviour during execution. In this study, we enhance a dynamic analysis tool, package-analysis, to capture key runtime behaviours, including commands executed, files accessed, and network communications. This modification enables the use of container sandboxing technologies, such as gVisor, to analyse potentially malicious packages without significantly compromising the host system.