MALICIOUS (1) campaign cataloged at 2026-03-15(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-03-ariadne-federation

During import, package decrypts and runs a malicious executable. The executable is hidden in an encoded and xored form in the JSON resource file.

This is a follow up of the campaign 2026-03-fastapi-middleware-cors

Abuse categories

dependency-confusion

An attempt to exploit dependency confusion

malware

Package contains or installs known malware.

obfuscation

Code uses obfuscation techniques to hide its true purpose.

typosquatting

The package name is an typosquatting variant of a popular package.

References

Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.

• VirusTotal results

Packages in the campaign

campaign:2026-03-ariadne-federation

• ariadne-federation
• dgl-cu117
• kvstore-pb2-grpc
• my-super-lib
• python-anchor