-= Per source details. Do not edit below this line.=-
Designed to run on Android. Under the mask of an AI agent, the code downloads a remote executable on import, and during usage, silently exfiltrates data like text messages and contacts.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-metoopro
Reasons (based on the campaign):
infostealer
files-exfiltration
exfiltration-generic
Downloads and executes a remote executable.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0",
"1.0.1",
"1.0.2"
],
"sha256": "f2cfd59dcec981250aeaf0633059cfd0af4d5dac6c87a1d54b9e13ce70957858",
"modified_time": "2026-05-07T19:18:44.844097Z",
"source": "kam193",
"id": "pypi/2026-05-metoopro/sufiagent",
"import_time": "2026-05-07T20:02:41.174726878Z"
}
],
"iocs": {
"urls": [
"https://raw.githubusercontent.com/Sufiyan65889/Rish-Shizuku/main/rish_shizuku.dex",
"https://raw.githubusercontent.com/Sufiyan65889/Rish-Shizuku/main/rish",
"https://github.com/Sufiyan65889/HAck-Pypi.git"
]
}
}