MALICIOUS (1) campaign cataloged on 2026-01-03 (2).
1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date the catalog entry was created. It may not reflect the date the campaign itself was created.
2026-01-ambertransit
Using the package enrolls the computer in a proxy network and shares its IP address and bandwidth. This is clearly stated, but the package has no real functionality besides that. Additionally, the stated proxy network seems extremely shady: the domain was just registered, closely resembles a long-existing service, and offers residential proxies only for cryptocurrencies. The company mentioned in the package information does not have a website, and the proposed way to opt out does not work.
Abuse categories
modify-system-without-consent
Campaign uses modify-system-without-consent.
other
Campaign uses other.
IoCs & related URLs
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
- ambertransit.com
- proxly.cc
- peers.proxly.cc