MALICIOUS (1) campaign cataloged at 2024-09-02(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2024-08-pojang-resorter

Early versions used overriding install command to take screenshots, then it moved to automated installing an infostealer. Later the behaviour was changed and looks like being a toolkit to install malware, yet, depending on version, containing an automated infostealer installation. The exact code is partially hidden behind different obfuscation methods.

Abuse categories

Campaign uses .

exfiltration_generic

Campaign uses exfiltration_generic.

infostealer

Campaign uses infostealer.

obfuscation

Campaign uses obfuscation.

override_install

The package overrides the install command in setup.py to execute malicious code during installation.

remote_executable

Downloads and executes a remote executable.

References

Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.

• VirusTotal results

Packages in the campaign

campaign:2024-08-pojang-resorter

• pojang-resorter