title: Malicious Library (T1204.005)
id: df00tech-t1204-005
status: experimental
description: "Adversaries may rely on a user installing a malicious library to facilitate execution. Threat actors upload malware to package managers such as NPM and PyPI, or backdoor existing popular libraries through supply chain compromise. Users install these libraries without realizing they are malicious, bypassing initial access controls. Execution occurs via setup.py install-time scripts (Python), postinstall/preinstall lifecycle hooks (NPM/yarn), or malicious code embedded in library modules that executes on import. Common delivery vectors include typosquatting (e.g., 'reqeusts' vs 'requests'), dependency confusion attacks, compromised maintainer accounts, and first-use namespace squatting. Threat actors including Contagious Interview have leveraged malicious NPM and Python packages published to public registries to deliver infostealers, remote access tools, and BeaverTail/InvisibleFerret malware targeting software developers."
references:
  - https://attack.mitre.org/techniques/T1204/005/
  - https://df00tech.com/detections/T1204.005
author: df00tech
date: 2026/04/19
tags:
  - attack.t1204.005
# NOTE: logsource is auto-derived and may need adjustment for your environment
logsource:
  category: process_creation
  product: windows
detection:
  # This detection logic could not be auto-translated; see the KQL/SPL query on df00tech.
  selection:
    EventID: '*'
  condition: selection
falsepositives:
  - "Legitimate Python packages with compiled extensions (e.g., numpy, scipy, cryptography) invoke MSVC toolchain processes (cl.exe, link.exe) during build — these are not LOLBins but may cause noise if broad parent-process filters are used"
  - "NPM packages with native addons use node-gyp, which spawns cmd.exe and Python — filter by known build tools in the postinstall command line"
  - Developer environments where Python or Node scripts make legitimate API calls to internal services on non-standard ports — baseline expected outbound destinations and ports for developer workstations
  - "CI/CD pipeline agents (Jenkins, GitHub Actions self-hosted runners) routinely run pip/npm installs that produce process trees with build tooling — apply host-based allowlists for known build agent hostnames"
  - Package manager updates of setuptools or pip itself may write executables to site-packages — the FolderPath filter excludes site-packages paths but confirm in your environment
level: high