---

-= Per source details. Do not edit below this line.=-

Source: kam193 (8bc2e515c2eb7bf73ea5d532cfb6701dcaf3dd95e9d8248ee3d426b1d0c1ed8c)

During installation, package executes obfuscated code that starts a RAT-like software allowing remote control and exfiltrating sensitive data.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-telethon-pro-safe

Reasons (based on the campaign):

• rat

• The package overrides the install command in setup.py to execute malicious code during installation.

• exfiltration-credentials

• exfiltration-browser-data

• The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

• The package contains code to detect if it is running in a sandbox environment.

• The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

• infostealer

• obfuscation