MALICIOUS (1) campaign cataloged at 2025-03-04(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-03-pythonhttp

Installing the package starts a heavily obfuscated Powershell Script that attempts to (at least) overwrite copied crypto wallets

Abuse categories

crypto-related

Campaign uses crypto-related.

malware

Campaign uses malware.

obfuscation

Campaign uses obfuscation.

override_install

The package overrides the install command in setup.py to execute malicious code during installation.

Packages in the campaign

campaign:2025-03-pythonhttp

• pythonhttp