HIGHLY_SUSPICIOUS (1) campaign cataloged at 2025-02-16(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-02-pydantickits

Typosquatting packages with obfuscated code downloading an image. It can be dangerous if the remote file were changed, in current form more like spam.

Abuse categories

dependency-confusion

Campaign uses dependency-confusion.

typosquatting

Campaign uses typosquatting.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• hxxps://f74.workupload.com/download/S2F9ARfsjg3

Packages in the campaign

campaign:2025-02-pydantickits

• pydantic-kit
• pydantickits