TH15105

Detected presence of files with behaviors that match the hacktool malware profile.

| priority | CI/CD status | severity | effort | RL level | RL assessment |
| | fail | high | high | 1 | tampering: fail. Reason: malware-like behaviors found |

About the issue

Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are used exclusively by malicious software with the intent to cause harm. When a software package matches the behavior traits of malicious software, security solutions flag it. It is highly likely that the software package was tampered with by a malicious actor or a rogue insider.

The detected threat type matches the behaviors typically exhibited by the hacktool malware profile. Hacking tools are commonly used by malicious actors to bypass security solutions, exploit system weaknesses, collect personal information, and exfiltrate data. However, some security solutions require high-privilege access and may therefore also trigger this detection when analyzed.

How to resolve the issue

  • Investigate reported detections.
  • If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.
  • You should delay the software release until the investigation is completed.
  • If this behavior is intended, rewrite the flagged code without using the malware-like behaviors.