MALICIOUS (1) campaign cataloged at 2025-04-23(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2025-04-s3transfer-sl¶
During installation, the package attempts to exfiltrate env variables and tokens from Azure metadata API. It's a malicious clon of s3transfer
Abuse categories¶
clones_real_package
Campaign uses clones_real_package.
exfiltration_cloud_tokens
Campaign uses exfiltration_cloud_tokens.
typosquatting
Campaign uses typosquatting.