TH15104
Detected presence of files with behaviors exclusively used by malicious software.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
| | fail | high | high | 1 | tampering: fail. Reason: malware-like behaviors found |
About the issue
Software components contain executable code that performs the actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the intent of the underlying code. While most behaviors are benign, some are used exclusively by malicious software with the intent to cause harm. When a software package matches the behavior traits of malicious software, security solutions flag it. It is highly likely that the software package was tampered with by a malicious actor or a rogue insider.
How to resolve the issue
- Investigate reported detections.
- Investigate your build and release environment for software supply chain compromise.
- You should delay the software release until the investigation is completed.
- If this behavior is intended, rewrite the flagged code without using the malware-like behaviors.
Recommended reading
- Malware (ReversingLabs glossary)
- Malware analysis (ReversingLabs glossary)