{"id":"MAL-2025-191890","summary":"Malicious code in tensorflowlitex (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (c4b20463291f0bcc715ff6daffb6b2cc258096921b2aaf2a0b9bf96947b49b46)\nImporting the module (__init__.py) starts downloading and executing a remote executable, which has been identified by any.run and tria.ge as a malicious infostealer\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2025-04-tensorflowlitex\n\n\nReasons (based on the campaign):\n\n\n - Downloads and executes a remote executable.\n\n\n - exfiltration-browser-data\n\n\n - infostealer\n\n\n - malware\n\n\n - typosquatting\n","modified":"2025-12-12T20:43:12.255008Z","published":"2025-04-25T12:00:27Z","database_specific":{"iocs":{"urls":["https://raw.githubusercontent.com/maheswede/min/main/aur.exe","https://raw.githubusercontent.com/maheswede/kilo/main/Fwmdlz.mp4"]},"malicious-packages-origins":[{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193","id":"pypi/2025-04-tensorflowlitex/tensorflowlitex","import_time":"2025-12-02T22:30:55.631390546Z","modified_time":"2025-04-25T12:00:27Z","sha256":"1f8c546b796531a1fcf06e705691909563fce6128815b2d4a8f9333c1cb967fd"},{"ranges":[{"events":[{"introduced":"0"}],"type":"ECOSYSTEM"}],"source":"kam193","id":"pypi/2025-04-tensorflowlitex/tensorflowlitex","import_time":"2025-12-02T23:07:18.67329622Z","modified_time":"2025-04-25T12:00:27Z","sha256":"c4b20463291f0bcc715ff6daffb6b2cc258096921b2aaf2a0b9bf96947b49b46"},{"sha256":"40762c570ef9125e0eb16acd8ede71c1c50493437fd459ddffd584aab1bcba26","source":"kam193","versions":["0.1.7"],"id":"pypi/2025-04-tensorflowlitex/tensorflowlitex","import_time":"2025-12-10T21:38:57.859800082Z","modified_time":"2025-04-25T12:00:27Z"}]},"references":[{"type":"EVIDENCE","url":"https://app.any.run/tasks/873a1b14-7bab-4d85-bcc0-b7bd281d9640"},{"type":"EVIDENCE","url":"https://tria.ge/250425-nqzrrssxht"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/tensorflowlitex"}],"affected":[{"package":{"name":"tensorflowlitex","ecosystem":"PyPI","purl":"pkg:pypi/tensorflowlitex"},"versions":["0.1.7"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tensorflowlitex/MAL-2025-191890.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"]},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}