Skip to content

HIGHLY_SUSPICIOUS (1) campaign cataloged at 2026-02-26(2).

  1. Packages that are likely malicious, but due to the obfuscation level, lack of time or clear indicators it's hard to say what exactly they do; the highest risk of false positives.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-02-flycalc

Package seems to silently exfiltrate user info and a screenshot, when used

Abuse categories

action-hidden-in-lib-usage

The malicious action is hidden in the code and starts when user interacts with it (e.g. during class initialization or by exfiltrating given credentials).

basic_exfiltration

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

Packages in the campaign

campaign:2026-02-flycalc