MALICIOUS (1) package from Python Package Index.
- The campaign has clearly malicious intent, like infostealers.
juphelp¶
- Metadata(1) Check in pypi-data project
- Affected versions(2) unspecified
- May not be available. See more in pypi-json-data repository.
- Version numbers are currently not tracked. Assume all versions are affected.
Campaign data¶
Campaign information may not always be 100% accurate for every related package.
Campaign description
Once run, downloads and install from sleipnirbrowser[.]org a suspicious executable pretending to be a webbrowser. This website appears to be a scam using some kind of crypto tokens, and trying to impersonate a legitimate Slepnir web browser (https://en.wikipedia.org/wiki/Sleipnir_(web_browser)).
Later versions switched to install a software identified as LUMMA infostealer (e.g. https://tria.ge/240817-whze2aydkc), hidden in different executables
See more details on the campaign page.
crypto-related
Campaign targets crypto-related.
dependency-confusion
Campaign targets dependency-confusion.
impersonation
Campaign targets impersonation.
modify-system-without-consent
Campaign targets modify-system-without-consent.
remote_executable
Downloads and executes a remote executable.