MALICIOUS (1) campaign cataloged at 2026-03-09(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-03-old-requests-lite¶
Clone of a legitimate requests library. The hidden code runs when using the requests functionality and starts a Telegram bot awaiting for remote commands.
Abuse categories¶
RAT
Malicious activity is typical for Remote Access Trojans (RATs).
abusing-3rd-api
Campaign uses abusing-3rd-api.
action-hidden-in-lib-usage
The malicious action is hidden in the code and starts when user interacts with it (e.g. during class initialization or by exfiltrating given credentials).
clones_real_package
The package is a clone of a legitimate package or library, but with malicious code added.
remote_commands
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.