Skip to content

Bad packages

2025-08-cffi-curl

kam193/package-campaigns

MALICIOUS (1) campaign cataloged at 2025-08-20(2).

The campaign has clearly malicious intent, like infostealers.
This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-08-cffi-curl¶

Malicious clone of a legitimate package "curl-cffi". When importing the module, it runs an obfuscated PowerShell command

Abuse categories¶

clones_real_package

Campaign uses clones_real_package.

malware

Campaign uses malware.

obfuscation

Campaign uses obfuscation.

typosquatting

Campaign uses typosquatting.

Packages in the campaign¶

campaign:2025-08-cffi-curl¶

cffi-curl