Skip to content

MALICIOUS (1) campaign cataloged at 2025-07-17(2).

  1. The campaign has clearly malicious intent, like infostealers.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-07-avatar-handler

Code pretending to handling downloading an image, but in fact is prepared to download and execute a Powershell script image properties. No known usage

Abuse categories

obfuscation

Campaign uses obfuscation.

remote_script

Downloads and executes a remote malicious script.

Packages in the campaign

campaign:2025-07-avatar-handler