MALICIOUS (1) campaign cataloged at 2026-07-07(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-07-paysafe-api¶
When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host.
Abuse categories¶
action-hidden-in-lib-usage
The malicious action is hidden in the code and starts when user interacts with it (e.g. during class initialization or by exfiltrating given credentials).
dependency-confusion
An attempt to exploit dependency confusion
exfiltration_env_variables
Campaign uses exfiltration_env_variables.
obfuscation
Code uses obfuscation techniques to hide its true purpose.
sandbox-detection
The package contains code to detect if it is running in a sandbox environment.
IoCs & related URLs¶
URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.
caliber-spinner-finishing.ngrok-free.dev