HIGHLY_SUSPICIOUS (1) campaign cataloged at 2026-01-16(2).

1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-01-uitil

Package implements an undocumented way to execute code hidden in image files. However, so far it is not used anywhere

Abuse categories

obfuscation

Code uses obfuscation techniques to hide its true purpose.

typosquatting

The package name is an typosquatting variant of a popular package.

Packages in the campaign

campaign:2026-01-uitil

• uitil