-= Per source details. Do not edit below this line.=-
Importing the module starts exfiltrating Discord tokens
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-11-morosint
Reasons (based on the campaign):
exfiltration-browser-data
exfiltration-credentials
{
"malicious-packages-origins": [
{
"versions": [
"0.0.1"
],
"sha256": "6b16ae376b90b0961ff852408bd5dea69dc3a4af0012282b7680ff7de71e9f98",
"modified_time": "2025-11-12T23:25:46.371702Z",
"source": "kam193",
"id": "pypi/2025-11-morosint/zakuraweb",
"import_time": "2025-12-02T22:30:55.789301338Z"
},
{
"versions": [
"0.0.1"
],
"sha256": "aa544044c8a113eb904f97650e8132de793d3bab5a7328a3714495e3f6a2283e",
"modified_time": "2025-11-12T23:25:46.371702Z",
"source": "kam193",
"id": "pypi/2025-11-morosint/zakuraweb",
"import_time": "2025-12-02T23:07:18.832855267Z"
}
],
"iocs": {
"urls": [
"https://canary.discord.com/api/webhooks/1438273237867036682/y-jlMJWQRYZlxmYEAzEKNQLMRG3GTh7ZcVryf-CpYulJymcNV_rXJMFtvIDke7E7w5HW",
"https://canary.discord.com/api/webhooks/1437951747627815105/pye5awwKpavmOnp0tOfLosFBXM-mRTX1rSQFTMBOWiNMJ9FZYvcOYRYS331jO7WSyWVL"
]
}
}