-= Per source details. Do not edit below this line.=-
Package exftrates discord credentials to a hardcoded location
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-11-discordhelper-ecr
Reasons (based on the campaign):
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"id": "pypi/2025-11-discordhelper-ecr/discordhelper-ecr",
"modified_time": "2025-11-26T23:58:49.993916Z",
"import_time": "2025-12-02T22:30:55.107976455Z",
"sha256": "f5b22b25f4ab4161e366f330baed70168d770325f154cf605c5ec2a0f2be3d92",
"source": "kam193"
},
{
"versions": [
"1.0.0"
],
"id": "pypi/2025-11-discordhelper-ecr/discordhelper-ecr",
"modified_time": "2025-11-26T23:58:49.993916Z",
"import_time": "2025-12-02T23:07:18.11935613Z",
"sha256": "689b1c190dc23f0188a57cac218b8dd66c56ecb77478d9bdac584a8cd111bb9b",
"source": "kam193"
}
]
}