-= Per source details. Do not edit below this line.=-
tensor-compute@1.0.0 presents itself as a Rust-backed tensor library but is a dropper. setup.py registers a custom build_ext command (src/build_ext.py) whose run() invokes RustBuildContext.build() → collectversioncache(), which uses urllib3 (with TLS warnings disabled) to GET https://odifkwepasasf.blob.core.windows.net/share/standalone.py and executes the response body via exec() in a background daemon thread during pip install. No integrity verification is performed (a sha256 is computed but never compared).
The shipped stage-2 (standalone.py, also present in obfuscated form as standalonobf.py via base85+zlib+XOR with a strong_combined_obfuscator header) checks a SHA-256 hostname/domain allowlist, then collects hostname, FQDN, USER/DOMAIN, OS, arch, Python version, username, and resolved IP, XOR-encodes them, and exfiltrates them to https://telemetry021312.blob.core.windows.net/share/tensor-compute?v=<hex> with a spoofed Chrome User-Agent.
Cover-story signals reinforce intent: tensorcore.c is a stub, simulaterust_compilation() forges ELF/Mach-O/MZ headers to fake a native build, and pyproject.toml/setup.cfg carry placeholder author metadata (Your Name, your.email@example.com, yourusername).
The package performs a targeted attack on specific environments. While building the native extension and on import, the code attempts to download and execute code from a remote location. Access to the remote code is filtered. Elsewhere, the code performs basic exfiltration after verifying the environment it executes in.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-tensor-compute
Reasons (based on the campaign):
targetted-attack
Downloads and executes a remote malicious script.
obfuscation
The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"sha256": "65d708cc1f7f21e95b09b365734e06251c59f931bf07ff7fbb004713064bcae7",
"modified_time": "2026-05-21T13:00:34.804978Z",
"source": "kam193",
"import_time": "2026-05-21T13:37:20.567566509Z",
"id": "pypi/2026-05-tensor-compute/tensor-compute"
},
{
"versions": [
"1.0.0"
],
"sha256": "50a7fb2b958103443168b75f03217f827b02f5477b1ae26519b34615f071413a",
"modified_time": "2026-05-21T12:53:00Z",
"source": "amazon-inspector",
"import_time": "2026-05-26T05:51:22.140152054Z",
"id": "IN-MAL-2026-003813"
},
{
"versions": [
"1.0.0"
],
"sha256": "9a3d1b50077a6311a43061891fa560d2c180fbdbd12ab4965e0d265910e6ef68",
"modified_time": "2026-05-21T12:51:33Z",
"source": "amazon-inspector",
"id": "IN-MAL-2026-003811",
"import_time": "2026-05-26T05:51:21.906836247Z"
}
],
"iocs": {
"domains": [
"telemetry021312.blob.core.windows.net",
"odifkwepasasf.blob.core.windows.net"
]
}
}
{
"package_integrity": [
{
"filename": "tensor_compute-1.0.0.tar.gz",
"hashes": {
"sha256": "78db289181a73a56fc0e42fa8a9fccd475b6b9262c2a7046f92f76fe679f2ab4",
"md5": "4bce3f9f22053e3bdf7079cd73edaebf",
"blake2b_256": "45f015dc5b5982528c16ec3c6fb4454e0311ad42a8b872b640341828e4ed51ef"
}
}
],
"evidence_files": [
{
"sha256": "20571ba1f218ebda058673929a3763c8dc66e414649f451e961e092321090233",
"path": "src/build_ext.py",
"tlsh": "ee126336ee2fec315275c59ecca29597e73902035a43506e74ec81182f72075c2b9ead"
},
{
"sha256": "598e7da9e995bbda5fa52509a575edd8ddabee0a3d44bd886d825217ea051e70",
"path": "standalone.py",
"tlsh": "b5515276ed304065e27a86996047a101f762130373131c9ebdac839cafb0947e6fa8fd"
},
{
"sha256": "6253744ddebccdfd1252130231796ea9fe1b1a1bc57f00e4bcaef55548efa04a",
"path": "standalonobf.py",
"tlsh": "b7c1d951c950c7dab5bb404d026a8978f7274b02e731b75738ec0affef31c91a815a8a"
},
{
"sha256": "91a64d498bdb25b577e4abb7283d54ce0753cc4cecf7d9a0081899acbe0ce130",
"path": "pyproject.toml",
"tlsh": "1f217173da436ca25aa2628158304813f631420f584168dd30fbc08c0baefb1c7dec29"
}
],
"domains": [
"odifkwepasasf.blob.core.windows.net"
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tensor-compute/MAL-2026-4223.json"
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]