I built KEIP as a PoC to experiment with "install-time enforcement". It uses BPF LSM hooks to monitor the pip process tree and strictly enforces a whitelist for connect() syscalls. Anything not destined for the package repo (PyPI) gets blocked.
It successfully stopped 100% of the active C2 exfiltration attempts in the dataset I tested.
Open source (GPL). The code is a bit rough but works on kernel 5.8+ with BTF.
Repo: https://github.com/Otsmane-Ahmed/KEIP
Write-up: https://medium.com/@rafik222dz/every-pip-install-you-run-is-a-bet-you-are-making-with-your-machine-9fce4526fc8e
Curious to hear thoughts on kernel-level enforcement vs user-space sandboxing for package managers.
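
Added example, not part of the original post and not KEIP's code: a user-space C model of the decision an install-time connect() hook has to make, showing why tracking is done by inherited set membership rather than by walking parent pids at connect time (a child whose parent has exited is reparented, but stays tracked). All function names, pids and addresses are hypothetical; the allowlisted CIDR is a constructed documentation range standing in for the package index.

```c
/* Added example: user-space model of the policy, not KEIP's code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TRACKED 64
#define IP4(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

struct cidr { uint32_t net; uint8_t bits; };   /* host byte order */

static uint32_t tracked[MAX_TRACKED];          /* pids inside the install tree */
static size_t n_tracked;

static int is_tracked(uint32_t pid) {
    for (size_t i = 0; i < n_tracked; i++)
        if (tracked[i] == pid) return 1;
    return 0;
}
/* exec of the installer: root of the tree. -ENOSPC means "cannot track". */
int track_root(uint32_t pid) {
    if (is_tracked(pid)) return 0;
    if (n_tracked == MAX_TRACKED) return -ENOSPC;
    tracked[n_tracked++] = pid;
    return 0;
}
/* fork: membership is inherited, so it survives the parent exiting. */
int on_fork(uint32_t parent, uint32_t child) {
    return is_tracked(parent) ? track_root(child) : 0;
}
void task_exit(uint32_t pid) {
    for (size_t i = 0; i < n_tracked; i++)
        if (tracked[i] == pid) { tracked[i] = tracked[--n_tracked]; return; }
}
static int in_cidr(uint32_t ip, struct cidr c) {
    uint32_t mask = c.bits >= 32 ? ~0u : ~(~0u >> c.bits); /* no shift by 32 */
    return (ip & mask) == (c.net & mask);
}
/* connect() decision: 0 = allow, -EPERM = deny (LSM hook return convention). */
int check_connect(uint32_t pid, uint32_t dst, const struct cidr *allow, size_t n) {
    if (!is_tracked(pid)) return 0;            /* outside the install tree */
    for (size_t i = 0; i < n; i++)
        if (in_cidr(dst, allow[i])) return 0;
    return -EPERM;
}
int main(void) {
    struct cidr allow[] = { { IP4(198,51,100,0), 24 } };  /* constructed */
    track_root(100); on_fork(100, 101); on_fork(101, 102); task_exit(101);
    printf("%d %d\n", check_connect(102, IP4(203,0,113,7), allow, 1),
                      check_connect(102, IP4(198,51,100,20), allow, 1));
    return 0;
}
```

In this model a full tracking table surfaces as `-ENOSPC` from `on_fork`; an enforcing implementation would need to decide whether that case fails open or closed.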