“…The introduction of this injected code to the target system depends on user actions. Various scenarios, such as library dependencies, updates, and downloads, exist [5], [13], [52], [54], [62]. For example, users may inadvertently introduce infected versions of Python libraries as dependencies, and unverified updates might automatically install malicious code.…”