MAL-2026-4223
Malicious code in tensor-compute (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (9a3d1b50077a6311a43061891fa560d2c180fbdbd12ab4965e0d265910e6ef68) tensor-compute@1.0.0 presents itself as a Rust-backed tensor library but is a dropper. setup.py registers a custom build_ext command (src/build_ext.py) whose run() invokes RustBuildContext.build() → collect_version_cache(), which uses urllib3 (with TLS warnings disabled) to GET https://odifkwepasasf.blob.core.windows.net/share/standalone.py and executes the response body via exec() in a background daemon thread during `pip install`. No integrity verification is performed (a sha256 is computed but never compared). The shipped stage-2 (standalone.py, also present in obfuscated form as standalonobf.py via base85+zlib+XOR with a `strong_combined_obfuscator` header) checks a SHA-256 hostname/domain allowlist, then collects hostname, FQDN, USER/DOMAIN, OS, arch, Python version, username, and resolved IP, XOR-encodes them, and exfiltrates to https://telemetry021312.blob.core.windows.net/share/tensor-compute?v=<hex> with a spoofed Chrome User-Agent. Cover-story signals reinforce intent: tensor_core.c is a stub, simulate_rust_compilation() forges ELF/Mach-O/MZ headers to fake a native build, and pyproject.toml/setup.cfg carry placeholder author metadata (`Your Name`, `your.email@example.com`, `yourusername`).
## Source: kam193 (65d708cc1f7f21e95b09b365734e06251c59f931bf07ff7fbb004713064bcae7) The package performs a targeted attack on specific environments. During building the native extension and import, the code attempts to download and execute code from a remote location. Access to the remote code is filtered. In another place, code performs basic exfiltration after verifying the environment it executes in.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-tensor-compute
Reasons (based on the campaign):
- targetted-attack
- Downloads and executes a remote malicious script.
- obfuscation
- The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for tensor-compute (pip). Pin to a known-safe version or switch to an alternative.