chore: pattern update 2026.04.08.1 — MAL-063, SUP-031, PINJ-020 #182

Merged: kurtpayne merged 4 commits into main from chore/pattern-update-20260408-f7e8 on Apr 8, 2026

@kurtpayne
Owner

Pattern Update 2026.04.08.1

Three new detection rules targeting active threats in the wild, plus IOC and vuln DB enrichment.


New Rules

MAL-063 (critical) — Lazarus Group graphalgo fake-recruitment npm/PyPI RAT campaign

The Lazarus Group (DPRK) is targeting cryptocurrency developers and AI engineers with a fake-recruitment campaign. Victims receive fake job offers on LinkedIn/Telegram and are asked to install a "coding challenge" npm or PyPI package. The packages contain a multi-stage RAT beaconing to C2 infrastructure.

Malicious packages detected: graphalgo, graphorithm, graphstruct, graphlibcore, netstruct, graphnetworkx, terminalcolor256, bigmathutils, bigmathex, duer-js, xpack-per-*

C2 domains added to IOC DB: codepool.cloud, aurevian.cloud, veltrixcap.org

Sources: ReversingLabs, Socket.dev


SUP-031 (high) — PackageGate npm/pnpm lifecycle script security bypass (CVE-2025-69264, CVE-2025-69263)

Two zero-day vulnerabilities discovered by PackageGate researchers allow attackers to bypass --ignore-scripts and lockfile integrity checks in npm and pnpm. Malicious preinstall/postinstall lifecycle scripts execute even when security controls are enabled.

Fixed in: pnpm 10.6.5+, npm 11.3.0+

Sources: PackageGate blog


PINJ-020 (critical) — MINJA cross-session AI agent memory poisoning via untrusted documents

MINJA (Memory INJection Attack, OWASP ASI-06) embeds malicious instructions in untrusted documents (emails, PDFs, web pages) that get stored into the agent's long-term memory or vector store. Future sessions retrieve and execute the injected instructions, enabling persistent cross-session control.

Sources: Wiz Research, OWASP AI Security Guide


Artifacts Changed

| File | Change |
|---|---|
| `src/skillscan/data/rules/default.yaml` | +3 rules, version bumped to 2026.04.08.1 |
| `src/skillscan/data/intel/ioc_db.json` | +3 Lazarus C2 domains |
| `src/skillscan/data/intel/vuln_db.json` | +10 Lazarus npm packages as malware entries |
| `examples/showcase/152_mal063_*/SKILL.md` | New showcase (MAL-063) |
| `examples/showcase/153_sup031_*/SKILL.md` | New showcase (SUP-031) |
| `examples/showcase/154_pinj020_*/SKILL.md` | New showcase (PINJ-020) |
| `examples/showcase/INDEX.md` | +3 entries |
| `tests/test_rules.py` | +3 rule unit tests |
| `tests/test_showcase_examples.py` | +3 showcase integration tests |
| `docs/EXAMPLES.md` | Rule count 182 → 185, +3 table rows |
| `PATTERN_UPDATES.md` | 2026-04-08 entry prepended |

Test Results

All 6 new tests pass locally:

  • test_mal063_lazarus_graphalgo_npm_rat
  • test_sup031_packagegate_lifecycle_bypass
  • test_pinj020_minja_memory_poisoning
  • test_152_mal063_lazarus_graphalgo_npm_rat
  • test_153_sup031_packagegate_lifecycle_bypass
  • test_154_pinj020_minja_memory_poisoning
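
The MAL-063 indicators listed in the description above can be checked against dependency manifests as follows. This is an added example, not part of this pull request and not skillscan's rule code; the function names `declared_names` and `scan_manifest`, the sample manifests, and the choice to apply one package list to both npm and PyPI manifests are assumptions made for the illustration.

```python
import fnmatch
import json
import re

# Indicators copied from the MAL-063 section of this PR description.
PACKAGES = ["graphalgo", "graphorithm", "graphstruct", "graphlibcore",
            "netstruct", "graphnetworkx", "terminalcolor256", "bigmathutils",
            "bigmathex", "duer-js", "xpack-per-*"]
C2_DOMAINS = ["codepool.cloud", "aurevian.cloud", "veltrixcap.org"]
NPM_SECTIONS = ("dependencies", "devDependencies",
                "optionalDependencies", "peerDependencies")

def declared_names(filename, text):
    """Return the dependency names a package.json or requirements file declares."""
    if filename.endswith(".json"):
        doc = json.loads(text)
        return [name for sec in NPM_SECTIONS for name in doc.get(sec, {})]
    lines = (ln.split("#", 1)[0].strip() for ln in text.splitlines())
    # Lines starting with "-" (pip options such as -r) do not match the name regex.
    return [m.group(0) for ln in lines if (m := re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", ln))]

def scan_manifest(filename, text):
    """Return sorted (kind, indicator, evidence) tuples for MAL-063 indicators."""
    hits = set()
    for name in declared_names(filename, text):
        for pat in PACKAGES:
            if fnmatch.fnmatchcase(name.lower(), pat):
                hits.add(("package", pat, name))
    for dom in C2_DOMAINS:
        # Match the domain or any subdomain, but not a longer look-alike host.
        rx = rf"(?<![\w-])((?:[\w-]+\.)*{re.escape(dom)})(?!\.?[\w-])"
        for m in re.finditer(rx, text, re.IGNORECASE):
            hits.add(("c2-domain", dom, m.group(1).lower()))
    return sorted(hits)

# Constructed sample manifests for the demonstration (not campaign artifacts).
PACKAGE_JSON = json.dumps({
    "homepage": "https://codepool.cloud.example/docs",
    "scripts": {"postinstall": "node setup.js https://api.codepool.cloud/v1"},
    "dependencies": {"express": "^4.19.0", "graphalgo": "1.2.0"},
    "devDependencies": {"xpack-per-demo": "0.0.1"},
})
REQUIREMENTS = "requests==2.32.0\nBigMathUtils>=1.0  # pinned\n-r base.txt\nnetstructure\n"

if __name__ == "__main__":
    print(scan_manifest("package.json", PACKAGE_JSON))
    print(scan_manifest("requirements.txt", REQUIREMENTS))
```

Exact-name matching keeps `netstructure` from being flagged as `netstruct`, and the domain boundary checks keep `codepool.cloud.example` from counting as a C2 hit while still catching subdomains.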

Add three new detection rules, IOC enrichment, and vuln DB updates.

## New Rules

- MAL-063 (critical): Lazarus Group graphalgo fake-recruitment npm/PyPI RAT campaign
  Targets crypto devs and AI engineers via fake job offers on LinkedIn/Telegram.
  Malicious packages: graphalgo, graphorithm, graphstruct, graphlibcore, netstruct,
  graphnetworkx, terminalcolor256, bigmathutils, bigmathex, duer-js, xpack-per-*.
  C2 domains: codepool.cloud, aurevian.cloud, veltrixcap.org.

- SUP-031 (high): PackageGate npm/pnpm lifecycle script security bypass
  CVE-2025-69264 (pnpm) and CVE-2025-69263 (npm) allow bypassing --ignore-scripts
  and lockfile integrity checks. Fixed in pnpm 10.6.5+ and npm 11.3.0+.

- PINJ-020 (critical): MINJA cross-session AI agent memory poisoning
  OWASP ASI-06 attack class. Malicious content in untrusted documents is stored
  into agent long-term memory/vector stores and executed in future sessions.

## Artifacts

- 3 showcase SKILL.md examples (showcases 152-154)
- 6 new pytest assertions (3 in test_rules.py, 3 in test_showcase_examples.py)
- IOC DB: +3 Lazarus C2 domains (codepool.cloud, aurevian.cloud, veltrixcap.org)
- Vuln DB: +10 Lazarus campaign npm packages flagged as malware
- docs/EXAMPLES.md: rule count 182 → 185
- PATTERN_UPDATES.md: 2026-04-08 entry prepended

Rulepack version: 2026.04.08.1
…e_trace.py

- Add noqa: E402 to the late import in cli.py (intentional pattern)
- Fix UP038 isinstance(raw, (int, float)) -> isinstance(raw, int | float) in cli.py
- Fix UP045 Optional[X] -> X | None in online_trace.py
- Fix I001 import sort in test_online_trace.py
- Apply ruff format to online_trace.py

These were pre-existing failures on main (CI run 24111743334).
json.loads() returns Any; the functions return dict which is correct at
runtime. Add type: ignore[no-any-return] and type: ignore[type-arg] to
silence mypy without changing runtime behaviour.

Pre-existing issue introduced with the online-trace command.
The --api-key CLI option was removed in c082f49 but test_online_trace.py
still expected it (and expected _resolve_api_key to accept an explicit key).

Changes:
- Add optional explicit_key param to _resolve_api_key(); explicit key
  takes priority over env var when provided
- Re-add --api-key typer.Option to online_trace_cmd; wires to explicit_key
- Fix test_missing_file_exits / test_directory_without_skill_md_exits /
  test_missing_key_exits to catch click.exceptions.Exit in addition to
  SystemExit (typer raises click.exceptions.Exit, not SystemExit)

All 17 tests in test_online_trace.py now pass.
@codecov

codecov bot commented Apr 8, 2026

Codecov Report

❌ Patch coverage is 83.33333% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 77.20%. Comparing base (58de7b9) to head (d1bbc90).
⚠️ Report is 2 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/skillscan/commands/online_trace.py | 80.00% | 2 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #182      +/-   ##
==========================================
- Coverage   77.65%   77.20%   -0.46%     
==========================================
  Files          31       32       +1     
  Lines        4229     4430     +201     
==========================================
+ Hits         3284     3420     +136     
- Misses        945     1010      +65     


@kurtpayne kurtpayne enabled auto-merge (squash) April 8, 2026 18:09
@kurtpayne kurtpayne merged commit 864dde8 into main Apr 8, 2026
15 of 16 checks passed