During import, package exfiltrates browsers data, SSH keys and other credential files, env variables and other sensitive data.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-request-cache-py

Reasons (based on the campaign):

• infostealer

• exfiltration-env-variables

• exfiltration-ssh-keys

• impersonation

• A Telegram webhook is used to send collected data.

• exfiltration-browser-data

• The package contains code to detect if it is running in a sandbox environment.

• exfiltration-credentials

• The malicious code is intentionally included in a dependency of the package