MALICIOUS (1) campaign cataloged at 2025-03-04(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-03-pythonhttp

Installing the package starts a heavily obfuscated Powershell Script that attempts to (at least) overwrite copied crypto wallets

Abuse categories

crypto-related

Malicious activity is related to cryptocurrencies or blockchain, e.g. stealing crypto wallets.

malware

Package contains or installs known malware.

obfuscation

Code uses obfuscation techniques to hide its true purpose.

override_install

The package overrides the install command in setup.py to execute malicious code during installation.

Packages in the campaign

campaign:2025-03-pythonhttp

• pythonhttp