MALICIOUS (1) campaign cataloged at 2026-02-15(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-02-requests-toolkit

During import, package masquerade and starts an embedded executable. The executable has signs of infostealer activity

Abuse categories

impersonation

Campaign uses impersonation.

infostealer

Activity is typical for information stealers, i.e. by exfiltrate various sensitive data from the victim's environment.

keylogger

Campaign uses keylogger.

malware

Package contains or installs known malware.

sandbox-detection

The package contains code to detect if it is running in a sandbox environment.

References

Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.

• VirusTotal results

Packages in the campaign

campaign:2026-02-requests-toolkit

• requests-toolkit