Supply-chain threat intelligence
Risk score: 92
Indexed incident for hmacsync (pypi).
The package is a new version of the previously removed libhmac. The key part, a malicious payload to inject into hijacked browser extensions, is not included in the package. The code allows hijacking browser extensions in order to exfiltrate credentials, judging by the previous package. This package also contains code to create hidden SSH access to the machine with hardcoded credentials.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-libhmac
Reasons (based on the campaign):
crypto-related
exfiltration-credentials
exfiltration-crypto
exfiltration-browser-data