-= Per source details. Do not edit below this line.=-
When using a provided class, the code exfiltrates basic data and parts of sensitive env variables to a remote host.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-paysafe-api
Reasons (based on the campaign):
exfiltration-env-variables
dependency-confusion
action-hidden-in-lib-usage
The package contains code to detect if it is running in a sandbox environment.
obfuscation
{
"iocs": {
"domains": [
"caliber-spinner-finishing.ngrok-free.dev"
]
},
"malicious-packages-origins": [
{
"sha256": "ae864f77805fa7e1facccf45d1af67d37603c5a085f55d733d9d3eb8cf4d26c8",
"id": "pypi/2026-07-paysafe-api/paysafe-sdk",
"source": "kam193",
"import_time": "2026-07-07T15:30:57.593831538Z",
"modified_time": "2026-07-07T15:22:57.69446Z",
"versions": [
"1.0.0"
]
},
{
"sha256": "504646a062398a61639e86185c70fee76a8e76eaa67772587045826c5cd8d7b7",
"id": "pypi/2026-07-paysafe-api/paysafe-sdk",
"source": "kam193",
"import_time": "2026-07-07T22:55:28.727435196Z",
"modified_time": "2026-07-07T15:22:57.69446Z",
"versions": [
"1.0.0"
]
}
]
}