Skip to content

Bad packages

2025-08-cffi-curl

kam193/package-campaigns

MALICIOUS (1) campaign cataloged at 2025-08-20(2).

The campaign has clearly malicious intent, like infostealers.
This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-08-cffi-curl¶

Malicious clone of a legitimate package "curl-cffi". When importing the module, it runs an obfuscated PowerShell command

Abuse categories¶

clons_real_package

The package is a clone of a real package, but with malicious code added.

malware

Campaign uses malware.

obfuscation

Campaign uses obfuscation.

typosquatting

Campaign uses typosquatting.

Packages in the campaign¶

campaign:2025-08-cffi-curl¶

cffi-curl