Supply-chain threat intelligence

Incident detail

critical · pypi · malware · osv

Malicious code in randpicker (PyPI)

randpicker

Risk score

92

AI summary

Indexed incident for randpicker (pypi).

Description

When the Email function is called, the code creates a backdoor script and attempts to achieve persistence. The script connects to a Telegram bot and awaits commands to execute.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-old-randpicker

Reasons (based on the campaign):

  • action-hidden-in-lib-usage

  • The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

  • backdoor

  • uses-telegram-bot

  • persistence

  • peristence-autorun

Technical details

Affected versions

=0.1.0

Indicators

  • affected version: =0.1.0 (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg
