Application security, Malware

New Apiiro tools show promise in malicious code detection

Code Vulnerability Detection: Magnifying Glass Approach

BleepingComputer reports that Apiiro, an application security posture management firm, has unveiled a pair of open-source tools aimed at combating malicious code injections and software supply chain intrusions.

First of the free tools is a comprehensive Semgrep and Opengrep ruleset that could be used in continuous integration and continuous deployment pipelines, which has yielded 94.3% and 88.4% accuracy in identifying nefarious code in PyPI and NPM packages, respectively. On the other hand, the GitHub-integrated scanner PRevent yielded 91.5% accuracy in determining malicious pull requests. Both tools, which could be downloaded for free on GitHub, were touted by Apiiro to flag malicious code using "anti-patterns," including encoding, nested transformation, and other obfuscation techniques; the utilization of functions permitting arbitrary code execution; the presence of code enabling remote payload download and execution; and methods for sensitive user data theft. Despite lacking compiled binary-hidden malware discovery and direct PyPI and NPM package scanning capabilities, both tools are poised to be updated with AI-assisted scanning and deep code analysis features in the future, according to Apiiro.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds