Skip to content

MALICIOUS (1) package from Python Package Index.

  1. The campaign has clearly malicious intent, like infostealers.

fastapi-middleware-cors

Affected versions: (1) 1.0.0

  1. Version numbers are usually added automatically. In most cases, the packages listed here were created only to distribute malicious code.

Campaign data

Campaign information may not always be 100% accurate for every related package.

Campaign description

Library disguised as FastAPI helper is executing obfuscated code during importing the module. The code is highly obfuscated; the code seems to contain an installation beacon reporting to a Telegram channel.

The package name appears as a dependency in a few Github repositories created long before publishing it, suggesting it might be an attempt to hijack the name that was previously wrongly generated by AI.

See more details on the campaign page.

exfiltration_generic

Campaign targets exfiltration_generic.

obfuscation

Code uses obfuscation techniques to hide its true purpose.

typosquatting

The package name is an typosquatting variant of a popular package.

Look up in other services

  1. May not be available. See more in pypi-json-data repository.
  2. Open Source Insights project, provided by Google.
  3. Service from Socket.dev, a cybersecurity company.
  4. Spectra Assure Community, a service from ReversingLabs, a cybersecurity company.
  5. Service from Snyk, a cybersecurity company.