MAL-2026-10690

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/qwen-asr-pvt/MAL-2026-10690.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-10690
Published
2026-07-15T17:53:25Z
Modified
2026-07-15T18:19:27.568481859Z
Summary
Malicious code in qwen-asr-pvt (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (68e8b2f6db0443a648cdf03348c8dd9351568469f84b8d61022f1ed1da2a330e)

The package's pyproject.toml declares an unpinned runtime dependency on transformers4576, a lookalike of the widely used HuggingFace transformers library. Every internal import that would normally reference transformers has been rewritten to transformers4576 (e.g., from transformers4576 import AutoConfig, AutoModel, AutoProcessor reachable from init.py), so pip install qwen-asr-pvt forces pip to resolve and install the attacker-controlled transformers4576 from PyPI. Whatever code is published under that name executes at install/import time on the installer's machine. The lure is reinforced by publisher impersonation: the package name qwen-asr-pvt (a -pvt suffix on the real qwen-asr), the Alibaba Qwen Team author metadata, and the homepage pointing at https://github.com/Qwen/Qwen3-ASR mimic the official Qwen3-ASR project, while the shipped source is copied from that upstream with import statements rewritten to the typosquat name. Together these signals form a dependency-confusion dropper: the flagged package is the lure, and the harm arrives through the attacker-controlled transitive.

Database specific
{
    "malicious-packages-origins": [
        {
            "id": "IN-MAL-2026-010685",
            "source": "amazon-inspector",
            "import_time": "2026-07-15T17:59:56.119963418Z",
            "sha256": "68e8b2f6db0443a648cdf03348c8dd9351568469f84b8d61022f1ed1da2a330e",
            "versions": [
                "0.0.6"
            ],
            "modified_time": "2026-07-15T17:53:25Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / qwen-asr-pvt

Package

Affected ranges

Affected versions

0.*
0.0.6

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/qwen-asr-pvt/MAL-2026-10690.json"
cwes
[
    {
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature."
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "qwen_asr_pvt-0.0.6-py3-none-any.whl",
            "hashes": {
                "blake2b_256": "d30c71fa07a4eb31e25c01190d4b0d9907906bc185cf335e0f3ba8dbfbea3163",
                "md5": "9427b98784bf4ba007ef64b9e49d9473",
                "sha256": "8ddc44f00d83320f9f9c5c8212822a320d0ae0346b57fb9b7d1bb9b0361ece40"
            }
        },
        {
            "filename": "qwen_asr_pvt-0.0.6.tar.gz",
            "hashes": {
                "blake2b_256": "c72394ae6d1a2d65adcba66c2f66f19d9b2e46f0c4dbb4d9676a4a045aae0f76",
                "md5": "50ec8bbc99da8482a31b1bd86b739a23",
                "sha256": "885f9b72ca962aaa463721f28b65d30b9b990fbb37f8e41f62d155eb2eac8677"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "pyproject.toml",
            "sha256": "db90bf10a59b5a3aee41b6bdb39ceb49c51ad896610f8f4600556ca0ca07fd35",
            "tlsh": "412122a30dd66b21d6f03481705ac500fa12cf2d229248df7ef7824d4099aa7c9bd23c"
        }
    ]
}