Skip to content

MALICIOUS (1) campaign cataloged at 2026-03-13(2).

  1. The campaign has clearly malicious intent, like infostealers.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-03-fastapi-middleware-cors

Library disguised as FastAPI helper is executing obfuscated code during importing the module. The code is highly obfuscated; the code seems to contain an installation beacon reporting to a Telegram channel.

The package name appears as a dependency in a few Github repositories created long before publishing it, suggesting it might be an attempt to hijack the name that was previously wrongly generated by AI.

Abuse categories

exfiltration_generic

Campaign uses exfiltration_generic.

obfuscation

Code uses obfuscation techniques to hide its true purpose.

typosquatting

The package name is an typosquatting variant of a popular package.

Packages in the campaign

campaign:2026-03-fastapi-middleware-cors