Skip to content

MALICIOUS (1) campaign cataloged at 2025-09-15(2).

  1. The campaign has clearly malicious intent, like infostealers.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-09-gtts-lts

During the execution, the package silently download and runs a JAR not related to the package job. At the time of analysis, the content was corrupted

Abuse categories

action-hidden-in-lib-usage

Campaign uses action-hidden-in-lib-usage.

remote_executable

Downloads and executes a remote executable.

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

  • hxxps://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/meow.bin

  • hxxps://github.com/michalethernatg/symmetrical-octo-parakeet/raw/refs/heads/main/shell.exe

Packages in the campaign

campaign:2025-09-gtts-lts