MAL-2026-4223

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tensor-compute/MAL-2026-4223.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-4223
Published
2026-05-21T12:51:33Z
Modified
2026-05-26T06:03:15.731393462Z
Summary
Malicious code in tensor-compute (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (9a3d1b50077a6311a43061891fa560d2c180fbdbd12ab4965e0d265910e6ef68)

tensor-compute@1.0.0 presents itself as a Rust-backed tensor library but is a dropper. setup.py registers a custom buildext command (src/build_ext.py) whose run() invokes RustBuildContext.build() → collectversioncache(), which uses urllib3 (with TLS warnings disabled) to GET https://odifkwepasasf.blob.core.windows.net/share/standalone.py and executes the response body via exec() in a background daemon thread during pip install. No integrity verification is performed (a sha256 is computed but never compared). The shipped stage-2 (standalone.py, also present in obfuscated form as standalonobf.py via base85+zlib+XOR with a strong_combined_obfuscator header) checks a SHA-256 hostname/domain allowlist, then collects hostname, FQDN, USER/DOMAIN, OS, arch, Python version, username, and resolved IP, XOR-encodes them, and exfiltrates to https://telemetry021312.blob.core.windows.net/share/tensor-compute?v=<hex> with a spoofed Chrome User-Agent. Cover-story signals reinforce intent: tensorcore.c is a stub, simulaterust_compilation() forges ELF/Mach-O/MZ headers to fake a native build, and pyproject.toml/setup.cfg carry placeholder author metadata (Your Name, your.email@example.com, yourusername).

Source: kam193 (65d708cc1f7f21e95b09b365734e06251c59f931bf07ff7fbb004713064bcae7)

The package performs a targeted attack on specific environments. While building the native extension and on import, the code attempts to download and execute code from a remote location. Access to the remote code is filtered. In another place, the code performs basic exfiltration after verifying the environment it executes in.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-tensor-compute

Reasons (based on the campaign):

  • targetted-attack

  • Downloads and executes a remote malicious script.

  • obfuscation

  • The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "sha256": "65d708cc1f7f21e95b09b365734e06251c59f931bf07ff7fbb004713064bcae7",
            "modified_time": "2026-05-21T13:00:34.804978Z",
            "source": "kam193",
            "import_time": "2026-05-21T13:37:20.567566509Z",
            "id": "pypi/2026-05-tensor-compute/tensor-compute"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "sha256": "50a7fb2b958103443168b75f03217f827b02f5477b1ae26519b34615f071413a",
            "modified_time": "2026-05-21T12:53:00Z",
            "source": "amazon-inspector",
            "import_time": "2026-05-26T05:51:22.140152054Z",
            "id": "IN-MAL-2026-003813"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "sha256": "9a3d1b50077a6311a43061891fa560d2c180fbdbd12ab4965e0d265910e6ef68",
            "modified_time": "2026-05-21T12:51:33Z",
            "source": "amazon-inspector",
            "id": "IN-MAL-2026-003811",
            "import_time": "2026-05-26T05:51:21.906836247Z"
        }
    ],
    "iocs": {
        "domains": [
            "telemetry021312.blob.core.windows.net",
            "odifkwepasasf.blob.core.windows.net"
        ]
    }
}
References
Credits

Affected packages

PyPI / tensor-compute

Package

Affected ranges

Affected versions

1.*
1.0.0

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "tensor_compute-1.0.0.tar.gz",
            "hashes": {
                "sha256": "78db289181a73a56fc0e42fa8a9fccd475b6b9262c2a7046f92f76fe679f2ab4",
                "md5": "4bce3f9f22053e3bdf7079cd73edaebf",
                "blake2b_256": "45f015dc5b5982528c16ec3c6fb4454e0311ad42a8b872b640341828e4ed51ef"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "20571ba1f218ebda058673929a3763c8dc66e414649f451e961e092321090233",
            "path": "src/build_ext.py",
            "tlsh": "ee126336ee2fec315275c59ecca29597e73902035a43506e74ec81182f72075c2b9ead"
        },
        {
            "sha256": "598e7da9e995bbda5fa52509a575edd8ddabee0a3d44bd886d825217ea051e70",
            "path": "standalone.py",
            "tlsh": "b5515276ed304065e27a86996047a101f762130373131c9ebdac839cafb0947e6fa8fd"
        },
        {
            "sha256": "6253744ddebccdfd1252130231796ea9fe1b1a1bc57f00e4bcaef55548efa04a",
            "path": "standalonobf.py",
            "tlsh": "b7c1d951c950c7dab5bb404d026a8978f7274b02e731b75738ec0affef31c91a815a8a"
        },
        {
            "sha256": "91a64d498bdb25b577e4abb7283d54ce0753cc4cecf7d9a0081899acbe0ce130",
            "path": "pyproject.toml",
            "tlsh": "1f217173da436ca25aa2628158304813f631420f584168dd30fbc08c0baefb1c7dec29"
        }
    ],
    "domains": [
        "odifkwepasasf.blob.core.windows.net"
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tensor-compute/MAL-2026-4223.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]