MALICIOUS (1) campaign cataloged at 2026-05-21(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-05-tensor-compute

The package performs a targeted attack on specific environments. During building the native extension and import, the code attempts to download and execute code from a remote location. Access to the remote code is filtered. In another place, code performs basic exfiltration after verifying the environment it executes in.

Abuse categories

basic_exfiltration

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.

obfuscation

Code uses obfuscation techniques to hide its true purpose.

remote_script

Downloads and executes a remote malicious script.

targetted-attack

Campaign uses targetted-attack.

IoCs & related URLs

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

• telemetry021312.blob.core.windows.net

• odifkwepasasf.blob.core.windows.net

Packages in the campaign

campaign:2026-05-tensor-compute

• tensor-compute