MALICIOUS (1) campaign cataloged at 2026-05-07(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-05-pycacheopt

The extension module hides code that in specific circumstances executes given code. The malicious action is hidden only in the extension module with the same-named Python code file containing only benign code.

This campaign was first detected by Aikido Security.

Abuse categories

other

Campaign uses other.

sandbox-detection

The package contains code to detect if it is running in a sandbox environment.

References

Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.

• https://app.aikido.dev/reports/malware/software-supply-chain-attacks?packageId=934457

Packages in the campaign

campaign:2026-05-pycacheopt

• pycacheopt