MALICIOUS (1) campaign cataloged at 2025-02-08(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-02-updateuuid4¶
The package, with an innocent looking name, has as the only functionality reporting to a Telegram channel given username and password. The functionality is in the "HeadersUpdate" class, that also looks like attempting to look innocent. The code does nothing more than reporting given credentials through a bot using the name "hitlercute_bot".
Abuse categories¶
infostealer
Campaign uses infostealer.