Skip to content

MALICIOUS (1) campaign cataloged at 2026-03-21(2).

  1. The campaign has clearly malicious intent, like infostealers.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-03-aiolrucache

The package masquerades as a utility, but during import, code loads obfuscated modules with RAT- and spyware-like functionality, including: exfiltrating files, executing remote code, taking screenshots, monitoring and exfiltrating the clipboard content. Malicious code is controlled via Discord.

Abuse categories

RAT

Malicious activity is typical for Remote Access Trojans (RATs).

clipboard_stealing

Campaign uses clipboard_stealing.

files_exfiltration

Campaign uses files_exfiltration.

keylogger

Campaign uses keylogger.

obfuscation

Code uses obfuscation techniques to hide its true purpose.

spyware-like

Campaign uses spyware-like.

Packages in the campaign

campaign:2026-03-aiolrucache