MALICIOUS (1) campaign cataloged at 2026-05-20(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-05-libhmac¶
The package is a loader of an infostealer that modifies browser extensions to intercept credentials and cryptowallet data. The installation is not automatic, the code is intended to be triggered externally, but includes hardcoded exfiltration target.
Abuse categories¶
crypto-related
Malicious activity is related to cryptocurrencies or blockchain, e.g. stealing crypto wallets.
exfiltration_browser_data
Campaign uses exfiltration_browser_data.
exfiltration_credentials
The package attempts to steal credentials, like passwords or API keys.
exfiltration_crypto
The package attempts to steal sensitive cryptocurrency-related data, like wallet keys.