HIGHLY_SUSPICIOUS (1) campaign cataloged at 2026-01-09(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-01-t402

This is a clone of x402 package, the provided project domains do not exist. While cloning such a specific library is suspicious, this package seems to provide extensions to other blockchain networks.

Abuse categories

crypto-related

Malicious activity is related to cryptocurrencies or blockchain, e.g. stealing crypto wallets.

other

Campaign uses other.

Packages in the campaign

campaign:2026-01-t402

• t402