Skip to content

MALICIOUS (1) campaign cataloged at 2025-09-19(2).

  1. The campaign has clearly malicious intent, like infostealers.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-09-suyo

Package contains an infostealer and is clearly prepared for using it. Different versions present different variations, newer are based on CStealer. The exfiltration target is a hardcoded discord webhook

Abuse categories

exfiltration_browser_data

Campaign uses exfiltration_browser_data.

infostealer

Campaign uses infostealer.

infostealer:cstealer

Campaign uses infostealer:cstealer.

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

  • hxxps://discord.com/api/webhooks/1416787330873688224/4PB-5IWwMalA9DM5aNtX2O1V1FhofPrA2HkcfBqrcPnSy-ue-s5xLi9jxaPpMAjup-5I

Packages in the campaign

campaign:2025-09-suyo