MALICIOUS (1) campaign cataloged at 2026-02-26(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-02-flycord¶
When the user uses the provided library, this package silently reports basic information and the result of the user's action to a hardcoded, obfuscated URL. Given the lack of an opt-out possibility, collection of usernames, obfuscated target and not disclosing it anywhere, it cannot be classified as telemetry.
Abuse categories¶
action-hidden-in-lib-usage
The malicious action is hidden in the code and starts when user interacts with it (e.g. during class initialization or by exfiltrating given credentials).
basic_exfiltration
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
obfuscation
Code uses obfuscation techniques to hide its true purpose.