HIGHLY_SUSPICIOUS (1) campaign cataloged at 2025-07-25(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-07-nexlang

When importing the module, the package puts own dynamic library to be loaded with Python, and even after that the module seems not to have methods described on the page. In addition, while it's hard to check what exactly the library is doing, it references the Github gist page

Abuse categories

modify-system-without-consent

Campaign uses modify-system-without-consent.

obfuscation

Campaign uses obfuscation.

other

Campaign uses other.

Packages in the campaign

campaign:2025-07-nexlang

• nexlang