MALICIOUS (1) campaign cataloged at 2025-01-26(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-01-markitanalysis¶
If installed using source package, the package collects selected environment variables, including GITHUB_TOKEN if set, and sends to an external service. The package doesn't hide its actions at all, but there are already multiple different packages with the same code.
Abuse categories¶
exfiltration_env_variables
Campaign uses exfiltration_env_variables.
override_install
The package overrides the install command in setup.py to execute malicious code during installation.