MALICIOUS (1) campaign cataloged at 2026-04-20(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-04-leavemealone¶
During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a "flag" file at the end, this package can also be part of a CTF-like exercise, but it's not possible to be sure given the encrypted payload.
Abuse categories¶
obfuscation
Code uses obfuscation techniques to hide its true purpose.