MALICIOUS (1) campaign cataloged at 2026-02-28(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-02-old-socketxio¶
Using the provided function results in exfiltrating Discord tokens to a hardcoded location
Abuse categories¶
action-hidden-in-lib-usage
The malicious action is hidden in the code and starts when user interacts with it (e.g. during class initialization or by exfiltrating given credentials).
exfiltration_credentials
The package attempts to steal credentials, like passwords or API keys.