{"id":"MAL-2026-10690","summary":"Malicious code in qwen-asr-pvt (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (68e8b2f6db0443a648cdf03348c8dd9351568469f84b8d61022f1ed1da2a330e)\nThe package's pyproject.toml declares an unpinned runtime dependency on `transformers4576`, a lookalike of the widely used HuggingFace `transformers` library. Every internal import that would normally reference `transformers` has been rewritten to `transformers4576` (e.g., `from transformers4576 import AutoConfig, AutoModel, AutoProcessor` reachable from __init__.py), so `pip install qwen-asr-pvt` forces pip to resolve and install the attacker-controlled `transformers4576` from PyPI. Whatever code is published under that name executes at install/import time on the installer's machine. The lure is reinforced by publisher impersonation: the package name `qwen-asr-pvt` (a `-pvt` suffix on the real `qwen-asr`), the `Alibaba Qwen Team` author metadata, and the homepage pointing at `https://github.com/Qwen/Qwen3-ASR` mimic the official Qwen3-ASR project, while the shipped source is copied from that upstream with import statements rewritten to the typosquat name. Together these signals form a dependency-confusion dropper: the flagged package is the lure, and the harm arrives through the attacker-controlled transitive.\n","modified":"2026-07-15T18:19:27.568481859Z","published":"2026-07-15T17:53:25Z","database_specific":{"malicious-packages-origins":[{"sha256":"68e8b2f6db0443a648cdf03348c8dd9351568469f84b8d61022f1ed1da2a330e","source":"amazon-inspector","versions":["0.0.6"],"id":"IN-MAL-2026-010685","import_time":"2026-07-15T17:59:56.119963418Z","modified_time":"2026-07-15T17:53:25Z"}]},"references":[{"type":"PACKAGE","url":"https://pypi.org/project/qwen-asr-pvt/0.0.6/"}],"affected":[{"package":{"name":"qwen-asr-pvt","ecosystem":"PyPI","purl":"pkg:pypi/qwen-asr-pvt"},"versions":["0.0.6"],"database_specific":{"indicators":{"evidence_files":[{"path":"pyproject.toml","sha256":"db90bf10a59b5a3aee41b6bdb39ceb49c51ad896610f8f4600556ca0ca07fd35","tlsh":"412122a30dd66b21d6f03481705ac500fa12cf2d229248df7ef7824d4099aa7c9bd23c"}],"package_integrity":[{"filename":"qwen_asr_pvt-0.0.6-py3-none-any.whl","hashes":{"md5":"9427b98784bf4ba007ef64b9e49d9473","sha256":"8ddc44f00d83320f9f9c5c8212822a320d0ae0346b57fb9b7d1bb9b0361ece40","blake2b_256":"d30c71fa07a4eb31e25c01190d4b0d9907906bc185cf335e0f3ba8dbfbea3163"}},{"filename":"qwen_asr_pvt-0.0.6.tar.gz","hashes":{"md5":"50ec8bbc99da8482a31b1bd86b739a23","sha256":"885f9b72ca962aaa463721f28b65d30b9b990fbb37f8e41f62d155eb2eac8677","blake2b_256":"c72394ae6d1a2d65adcba66c2f66f19d9b2e46f0c4dbb4d9676a4a045aae0f76"}}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/qwen-asr-pvt/MAL-2026-10690.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"}]}