VDB
KO

MAL-2026-10690

Malicious code in qwen-asr-pvt (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (68e8b2f6db0443a648cdf03348c8dd9351568469f84b8d61022f1ed1da2a330e) The package's pyproject.toml declares an unpinned runtime dependency on `transformers4576`, a lookalike of the widely used HuggingFace `transformers` library. Every internal import that would normally reference `transformers` has been rewritten to `transformers4576` (e.g., `from transformers4576 import AutoConfig, AutoModel, AutoProcessor` reachable from __init__.py), so `pip install qwen-asr-pvt` forces pip to resolve and install the attacker-controlled `transformers4576` from PyPI. Whatever code is published under that name executes at install/import time on the installer's machine. The lure is reinforced by publisher impersonation: the package name `qwen-asr-pvt` (a `-pvt` suffix on the real `qwen-asr`), the `Alibaba Qwen Team` author metadata, and the homepage pointing at `https://github.com/Qwen/Qwen3-ASR` mimic the official Qwen3-ASR project, while the shipped source is copied from that upstream with import statements rewritten to the typosquat name. Together these signals form a dependency-confusion dropper: the flagged package is the lure, and the harm arrives through the attacker-controlled transitive.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / qwen-asr-pvt

No fixed version published yet for qwen-asr-pvt (pip). Pin to a known-safe version or switch to an alternative.

References