MALICIOUS (1) campaign cataloged at 2025-02-21(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-02-transaction-utils

The only thing the package does is send out all the given data about a cryptocurrency transaction, including the private key, to a hardcoded webhook.

Feedback from PyPI Team: the package "transaction-utils" may also exploit a known pip behavior to overwrite files of an existing legitime package and replace it with malicious content.

Abuse categories

action-hidden-in-lib-usage

Campaign uses action-hidden-in-lib-usage.

crypto-related

Campaign uses crypto-related.

webhook:telegram

A Telegram webhook is used to send collected data.

Packages in the campaign

campaign:2025-02-transaction-utils

• solana-utils
• solders-utils
• transaction-utils