HIGHLY_SUSPICIOUS (1) campaign cataloged at 2025-04-02(2).
- Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-04-norsodikin¶
Package allows creating SSH users and sends credentials to a hardcoded telegram channel. However, there is currently no known malicious usage.
Abuse categories¶
backdoor
Campaign uses backdoor.