HIGHLY_SUSPICIOUS (1) campaign cataloged at 2025-11-16(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-11-wallet-tracking

Package is prepared to send notifications with sensitive data, but the usage is not known and may not necessary be malicious. Especially, the only thing the package "tracks" is the private key, which could eventually be masked.

Abuse categories

crypto-related

Campaign uses crypto-related.

exfiltration_crypto

Campaign uses exfiltration_crypto.

Packages in the campaign

campaign:2025-11-wallet-tracking

• wallet-tracking