MAL-2026-983
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tensorflow-opt/MAL-2026-983.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-983
- Published
- 2026-02-22T16:53:45Z
- Modified
- 2026-02-22T17:17:58.226159Z
- Summary
- Malicious code in tensorflow-opt (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14)
Package is likely a dependency confusion against some legitimate extension packages for TensorFlow but contains just cryptominers. When calling the "start" method, the cryptominer is copied from the package directory to the main TensorFlow installation dir, and the cryptomining for a hardcoded wallet starts.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-02-old-tensorflow-opt
Reasons (based on the campaign):
impersonation
dependency-confusion
cryptominer
- Database specific
{ "malicious-packages-origins": [ { "sha256": "c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14", "id": "pypi/2026-02-old-tensorflow-opt/tensorflow-opt", "source": "kam193", "modified_time": "2026-02-22T16:53:45.404256Z", "import_time": "2026-02-22T17:09:55.675085375Z", "versions": [ "0.6", "0.7", "0.8", "0.9", "0.10", "0.11", "0.12", "0.13", "0.14", "0.15", "0.16", "0.17", "0.18", "0.19", "0.20", "0.21", "0.22", "0.23", "0.24", "0.25", "0.26", "0.27", "0.28", "0.29", "0.30", "0.40" ] } ] }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - REPORTER
-
Affected packages
PyPI / tensorflow-opt
Package
- Name
- tensorflow-opt
- View open source insights on deps.dev
- Purl
- pkg:pypi/tensorflow-opt