{"id":"MAL-2026-983","summary":"Malicious code in tensorflow-opt (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14)\nPackage is likely a dependency confusion against some legitimate extension packages for TensorFlow but contains just cryptominers. When calling the \"start\" method, the cryptominer is copied from the package directory to the main TensorFlow installation dir, and the cryptomining for a hardcoded wallet starts.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-02-old-tensorflow-opt\n\n\nReasons (based on the campaign):\n\n\n - impersonation\n\n\n - dependency-confusion\n\n\n - cryptominer\n","modified":"2026-02-22T17:17:58.226159Z","published":"2026-02-22T16:53:45Z","database_specific":{"malicious-packages-origins":[{"id":"pypi/2026-02-old-tensorflow-opt/tensorflow-opt","source":"kam193","sha256":"c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14","versions":["0.6","0.7","0.8","0.9","0.10","0.11","0.12","0.13","0.14","0.15","0.16","0.17","0.18","0.19","0.20","0.21","0.22","0.23","0.24","0.25","0.26","0.27","0.28","0.29","0.30","0.40"],"import_time":"2026-02-22T17:09:55.675085375Z","modified_time":"2026-02-22T16:53:45.404256Z"}]},"references":[{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/e8e775add50c67e1c6f6ca20db318f745e22b085afcbdf5634015e6ef91e8853/detection"},{"type":"EVIDENCE","url":"https://www.virustotal.com/gui/file/402438684406d1e3b2d1d5629151259ad864ffc55c8e6ab176f4c47c543d4fee/detection"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/tensorflow-opt"}],"affected":[{"package":{"name":"tensorflow-opt","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow-opt"},"versions":["0.6","0.7","0.8","0.9","0.10","0.11","0.12","0.13","0.14","0.15","0.16","0.17","0.18","0.19","0.20","0.21","0.22","0.23","0.24","0.25","0.26","0.27","0.28","0.29","0.30","0.40"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/tensorflow-opt/MAL-2026-983.json"}}],"schema_version":"1.7.3","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}