Hi, this doesn't look OK to be honest. Could you please share the steps to reproduce the issue (which actions result in the warning), and specify the full path to the file that triggered the alert?
/Applications/PyCharm CE.app/Contents/MacOS/pycharm I'm loading my project. I run the debugger. And from that moment on, I see in Little Snitch that the signature of the application is or resourse is modified. PyCharm is installed on a clean system. In my project, I use the following modules: PyQt5 5.15.9 PyQt5-Qt5 5.15.2
PyQt5-sip 12.12.2
certifi 2023.7.22
charset-normalizer 3.2.0
idna 3.4
numpy 1.25.2
pandas 2.1.0
pip 23.2.1
python-dateutil 2.8.2
pytz 2023.3.post1
requests 2.31.0
setuptools 65.5.0
six 1.16.0
tzdata 2023.3
urllib3 2.0.4 This is quite interesting, and if you or someone who is good at computer security will help you figure it out, maybe we will be able to identify the PyCharm vulnerability or any modules are compromised.
I've found that resource changes/signature spoofing only occur when I run the project from the local interpreter /usr/local/bin/python3 and /usr/local/bin/python3.11 at the address is an alias/link to another address /Library/Frameworks/Python.framework/Versions/3.11/bin Do you have any idea where you can send these files for further analysis for malware infection?
I compared the original PyCharm CE.app application with the modified one. There are differences in 84 new files. I don't know how dangerous this is, this looks like some kind of cache. but it clearly makes PyCharm work unstable. Here is a list of the new files:
As for the snitch issue, does it reproduce if you run the code without the debugger? Could you please show a screenshot of your run/debug configuration?
/Applications/PyCharm CE.app/Contents/MacOS/pycharm
I'm loading my project. I run the debugger. And from that moment on, I see in Little Snitch that the signature of the application is or resourse is modified. PyCharm is installed on a clean system. In my project, I use the following modules:
PyQt5 5.15.9
PyQt5-Qt5 5.15.2
PyQt5-sip 12.12.2
certifi 2023.7.22
charset-normalizer 3.2.0
idna 3.4
numpy 1.25.2
pandas 2.1.0
pip 23.2.1
python-dateutil 2.8.2
pytz 2023.3.post1
requests 2.31.0
setuptools 65.5.0
six 1.16.0
tzdata 2023.3
urllib3 2.0.4
This is quite interesting, and if you or someone who is good at computer security will help you figure it out, maybe we will be able to identify the PyCharm vulnerability or any modules are compromised.
I've found that resource changes/signature spoofing only occur when I run the project from the local interpreter /usr/local/bin/python3 and /usr/local/bin/python3.11 at the address is an alias/link to another address /Library/Frameworks/Python.framework/Versions/3.11/bin Do you have any idea where you can send these files for further analysis for malware infection?
I compared the original PyCharm CE.app application with the modified one. There are differences in 84 new files. I don't know how dangerous this is, this looks like some kind of cache. but it clearly makes PyCharm work unstable. Here is a list of the new files:
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_breakpointhook.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_save_locals.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_collect_try_except_info.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_utils.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_console_integration.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_user_type_renderers.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_plugin_utils.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_process_net_command.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_extension_api.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_xml.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_comm_constants.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_resolver.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_user_type_renderers_utils.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_constants.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_custom_frames.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_dont_trace_files.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_trace_dispatch.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_signature.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_comm.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_frame.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_trace_api.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_import_class.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_console.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_additional_thread_info.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_command_line_handling.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_extension_utils.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_exec2.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_repr_utils.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_traceproperty.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_console_output.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_console_pytest.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_frame_utils.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_vm_type.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_vars.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_frame_type_handler.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_tables.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_breakpoints.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_cython_wrapper.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_stackless.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_io.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_bytecode_utils.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_additional_thread_info_regular.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_kill_all_pydevd_threads.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/pydevd_dont_trace.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_bundle/__pycache__/__init__.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/fix_getpass.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_code_executor.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_log.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/_pydev_tipper_common.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_ipython_code_executor.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_ipython_console_011.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/_pydev_completer.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_monkey_qt.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_imports.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_monkey.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_stdin.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/_pydev_calltip_util.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_override.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/_pydev_imports_tipper.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_console_types.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/_pydev_filesystem_encoding.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/__init__.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_bundle/__pycache__/pydev_is_thread_alive.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_plugins/__pycache__/jinja2_debug.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_plugins/__pycache__/django_debug.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_plugins/__pycache__/__init__.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_plugins/extensions/types/__pycache__/pydevd_plugin_numpy_types.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_plugins/extensions/types/__pycache__/pydevd_plugins_django_form_str.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_plugins/extensions/types/__pycache__/pydevd_helpers.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_plugins/extensions/types/__pycache__/__init__.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_plugins/extensions/__pycache__/__init__.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_imps/__pycache__/_pydev_execfile.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_imps/__pycache__/_pydev_saved_modules.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydev_imps/__pycache__/__init__.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/__pycache__/pydevd_tracing.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/__pycache__/pydevd_file_utils.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydev_ipython/__pycache__/__init__.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_asyncio_util/__pycache__/pydevd_asyncio_utils.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_asyncio_util/__pycache__/__init__.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_frame_eval/__pycache__/pydevd_frame_eval_main.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/_pydevd_frame_eval/__pycache__/__init__.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_concurrency_analyser/__pycache__/pydevd_thread_wrappers.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_concurrency_analyser/__pycache__/pydevd_concurrency_logger.cpython-311.pyc
/PyCharm CE.app/Contents/plugins/python-ce/helpers/pydev/pydevd_concurrency_analyser/__pycache__/__init__.cpython-311.pyc
__pycache__ is fine, you don't have to worry about it.
https://stackoverflow.com/questions/16869024/what-is-pycache
As for the snitch issue, does it reproduce if you run the code without the debugger? Could you please show a screenshot of your run/debug configuration?