MALICIOUS (1) campaign cataloged at 2026-03-28(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-03-aiogram-photo-updater

When run, the package exfiltrates files from a cryptowallet and modifies its executable placing an implant exfiltrating passphrase later.

Abuse categories

covering-tracks

The package contains code to cover its tracks, e.g. by deleting malicious code after execution.

crypto-related

Malicious activity is related to cryptocurrencies or blockchain, e.g. stealing crypto wallets.

exfiltration_crypto

The package attempts to steal sensitive cryptocurrency-related data, like wallet keys.

files_exfiltration

Campaign uses files_exfiltration.

infostealer

Activity is typical for information stealers, i.e. by exfiltrate various sensitive data from the victim's environment.

Packages in the campaign

campaign:2026-03-aiogram-photo-updater

• aiogram-photo-updater
• python-aiogram-telegram-updater