HIGHLY_SUSPICIOUS (1) campaign cataloged at 2025-02-08(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-02-server-operator

Package is designed to look for Solana private keys and send them to a callback. The first version also included the seed values. However, it requires explicit starting with a given callback.

Abuse categories

exfiltration_crypto

Campaign uses exfiltration_crypto.

Packages in the campaign

campaign:2025-02-server-operator

• server-operator