Skip to content

MALICIOUS (1) campaign cataloged at 2025-08-28(2).

  1. The campaign has clearly malicious intent, like infostealers.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-08-kraken-virus

As even described, the package contains a malicious code collecting large amount of data. The description suggests educational use, yet, the code can cause real harm. Specifically, the C2 servers defined in the package seems to be selected as trusted domains that would ignore the data sent. However, among them is at least one domain available for sale at the time of analysis - opening the room for collecting data by the uploader.

Abuse categories

exfiltration_browser_data

Campaign uses exfiltration_browser_data.

exfiltration_generic

Campaign uses exfiltration_generic.

malware

Campaign uses malware.

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

  • azure-monitor.org

Packages in the campaign

campaign:2025-08-kraken-virus