MAL-2026-3000

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/xinference/MAL-2026-3000.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-3000

Published

2026-04-22T22:06:22Z

Modified

2026-04-23T09:47:00.922826Z

Summary

Malicious code in xinference (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (54172efdf42a71a4e8f39d6ddb66b03c848fcedce234a3d5b2d045d895da256b)

Versions 2.6.0, 2.6.1, 2.6.2 were compromised.

Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI releases were published. Infected releases contain code typical for TeamPCP actions that exfiltrates all kinds of sensitive data (credentials, env variables, SSH keys, cloud tokens, configuration files, shell histories, cryptowallets, data from secret managers...). Malicious action activates during importing the main package's module. TeamPCP denies their involvement.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-04-teampcp

Reasons (based on the campaign):

exfiltration-env-variables
exfiltration-ssh-keys
obfuscation
exfiltration-cloud-tokens
exfiltration-crypto
exfiltration-credentials
compromised-package

Database specific

{
    "iocs": {
        "domains": [
            "hereisitat.lucyatemysuperbox.space"
        ]
    },
    "malicious-packages-origins": [
        {
            "source": "kam193",
            "id": "pypi/2026-04-teampcp/xinference",
            "modified_time": "2026-04-22T22:06:22Z",
            "sha256": "25da806da7e63e3ef29a6bf9a22495ddb5994053824700948e6740be10a2631c",
            "versions": [
                "2.6.0",
                "2.6.1",
                "2.6.2"
            ],
            "import_time": "2026-04-22T22:20:46.472064184Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2026-04-teampcp/xinference",
            "modified_time": "2026-04-22T22:06:22Z",
            "sha256": "f288797f91465adeae4842f0207774f4449e72e97db4a5294c21e49ad43feb91",
            "versions": [
                "2.6.0",
                "2.6.1",
                "2.6.2"
            ],
            "import_time": "2026-04-22T22:48:21.826807823Z"
        },
        {
            "source": "kam193",
            "id": "pypi/2026-04-teampcp/xinference",
            "modified_time": "2026-04-22T22:06:22Z",
            "sha256": "54172efdf42a71a4e8f39d6ddb66b03c848fcedce234a3d5b2d045d895da256b",
            "versions": [
                "2.6.0",
                "2.6.1",
                "2.6.2"
            ],
            "import_time": "2026-04-23T09:39:00.176250113Z"
        }
    ]
}

References

Credits

- Kamil Mańkowski (kam193) - ANALYST
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / xinference

Package

Name: xinference; View open source insights on deps.dev
Purl: pkg:pypi/xinference

Affected ranges

Affected versions

2.*

2.6.0

2.6.1

2.6.2

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/xinference/MAL-2026-3000.json"