SPAM (1) campaign cataloged at 2025-10-29(2).

1. advertisements, spam packages etc.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-10-bugdotexe

Names imitate packages from other package managers, like Debian APT, and they have no real content, just a sample method. In addition, the uploader name states it is research.

Abuse categories

dependency-confusion

Campaign uses dependency-confusion.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• bugdotexe@wearehackerone.com

Packages in the campaign

campaign:2025-10-bugdotexe

• algorithmic-efficiency
• cuda-cudart-linux-64
• cuda-opencl
• cuda-version
• cyrus-sasl
• glib-tools
• libclang13
• libcups
• libcusolver
• libcusparse
• libedit
• libgfortran5
• libglib
• libidn2
• libjpeg-turbo
• libllvm14
• libnpp
• libnvfatbin
• libnvjitlink
• libpq
• ocl-icd