MALICIOUS (1) campaign cataloged at 2026-07-12(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-07-proxy-check-i¶
The embedded binary starts a relayed SSH-like server using a hardcoded authorized_key. Thanks to using a relay network, the attacked does not need to directly expose ports from the machine.
Abuse categories¶
backdoor
Campaign uses backdoor.
remote_commands
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.