{"id":"MAL-2026-3000","summary":"Malicious code in xinference (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (54172efdf42a71a4e8f39d6ddb66b03c848fcedce234a3d5b2d045d895da256b)\nVersions 2.6.0, 2.6.1, 2.6.2 were compromised.\n\n\nFollowing a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI releases were published. Infected releases contain code typical for TeamPCP actions that exfiltrates all kinds of sensitive data (credentials, env variables, SSH keys, cloud tokens, configuration files, shell histories, cryptowallets, data from secret managers...). Malicious action activates during importing the main package's module. TeamPCP denies their involvement.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-04-teampcp\n\n\nReasons (based on the campaign):\n\n\n - exfiltration-env-variables\n\n\n - exfiltration-ssh-keys\n\n\n - obfuscation\n\n\n - exfiltration-cloud-tokens\n\n\n - exfiltration-crypto\n\n\n - exfiltration-credentials\n\n\n - compromised-package\n","modified":"2026-04-23T09:47:00.922826Z","published":"2026-04-22T22:06:22Z","database_specific":{"malicious-packages-origins":[{"sha256":"25da806da7e63e3ef29a6bf9a22495ddb5994053824700948e6740be10a2631c","versions":["2.6.0","2.6.1","2.6.2"],"source":"kam193","modified_time":"2026-04-22T22:06:22Z","import_time":"2026-04-22T22:20:46.472064184Z","id":"pypi/2026-04-teampcp/xinference"},{"sha256":"f288797f91465adeae4842f0207774f4449e72e97db4a5294c21e49ad43feb91","versions":["2.6.0","2.6.1","2.6.2"],"source":"kam193","modified_time":"2026-04-22T22:06:22Z","import_time":"2026-04-22T22:48:21.826807823Z","id":"pypi/2026-04-teampcp/xinference"},{"sha256":"54172efdf42a71a4e8f39d6ddb66b03c848fcedce234a3d5b2d045d895da256b","versions":["2.6.0","2.6.1","2.6.2"],"source":"kam193","modified_time":"2026-04-22T22:06:22Z","import_time":"2026-04-23T09:39:00.176250113Z","id":"pypi/2026-04-teampcp/xinference"}],"iocs":{"domains":["hereisitat.lucyatemysuperbox.space"]}},"references":[{"type":"WEB","url":"https://github.com/xorbitsai/inference/issues/4828"},{"type":"WEB","url":"https://github.com/xorbitsai/inference/pull/4826"},{"type":"WEB","url":"https://github.com/oaoaoaoaooaoa/inference/blob/f6cf73a913443d8098d7fe2456b54cdc25eb9574/doc/source/gen_docs.py"},{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/campaign/2026-04-teampcp"},{"type":"WEB","url":"https://x.com/pcpcats/status/2046927940932260092"},{"type":"WEB","url":"https://research.jfrog.com/post/xinference-compromise/"}],"affected":[{"package":{"name":"xinference","ecosystem":"PyPI","purl":"pkg:pypi/xinference"},"versions":["2.6.0","2.6.1","2.6.2"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/xinference/MAL-2026-3000.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"ANALYST"}]}