MALICIOUS (1) campaign cataloged at 2026-07-08(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-07-oxntime¶
The package contains obfuscated code and embedded binary that is executed during the import. The embedded binary targets Android and seems to act as a guard for further execution, with some sandbox evasion techniques and time-based actions.
Abuse categories¶
covering-tracks
The package contains code to cover its tracks, e.g. by deleting malicious code after execution.
obfuscation
Code uses obfuscation techniques to hide its true purpose.
sandbox-detection
The package contains code to detect if it is running in a sandbox environment.
target:android
The package is designed to target Android users or the Android platform.
References¶
Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.