Skip to content

HIGHLY_SUSPICIOUS (1) campaign cataloged at 2026-01-05(2).

  1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-01-auto-backup

Package performs a "backup" of files to a remote location. This functionality is clearly described, but the user has no control over the remote location where the collected files are sent, as well as gets no access data. They are uploaded to a hardcoded Gofile account and as the downloading links are not saved anywhere, only the package author has access to them.

Abuse categories

files_exfiltration

Campaign uses files_exfiltration.

Packages in the campaign

campaign:2026-01-auto-backup