-= Per source details. Do not edit below this line.=-
Package impersonates Google and attempts to exfiltrate various credential files. It also setups PTH file for automated start during Python initialization. In the analyzed version, the exfiltration target was set as localhost suggesting it's not the final code.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-gauth-client
Reasons (based on the campaign):
exfiltration-credentials
impersonation
files-exfiltration
0.1.0Exploitability
AV:NAC:LPR:NUI:NScope
S:CImpact
C:HI:HA:H10.0/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H