HIGHLY_SUSPICIOUS (1) campaign cataloged at 2025-11-16(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-11-wallet-tracking

Package is prepared to send notifications with sensitive data, but the usage is not known and may not necessary be malicious. Especially, the only thing the package "tracks" is the private key, which could eventually be masked.

Abuse categories

crypto-related

Malicious activity is related to cryptocurrencies or blockchain, e.g. stealing crypto wallets.

exfiltration_crypto

The package attempts to steal sensitive cryptocurrency-related data, like wallet keys.

Packages in the campaign

campaign:2025-11-wallet-tracking

• wallet-tracking