A severe supply chain attack has compromised the popular Python package Xinference, exposing developers to large-scale theft of credentials and other sensitive data.
Threat actors uploaded malicious versions of the tool to the Python Package Index (PyPI), embedding a heavily obfuscated infostealer into the code.
Xinference has over 600,000 total downloads, making this a significant security event for the software development community.
While the malicious script leaves a comment referencing the threat group TeamPCP, the group has publicly denied any involvement through their official X account.
How the Attack Happened
According to OX Security, the breach started when an automated account named XprobeBot, which has been active since October 2025, was likely compromised by attackers.
On April 22, 2026, this bot account committed a malicious base64-encoded payload directly into the package’s __init__.py file.
Because of this file placement, the malware executes the moment the Xinference package is imported, whether that happens automatically or when a developer initializes it in a Python project.

Xinference developers confirmed the security breach after a user reported highly suspicious behavior following a recent update.
Once the initial code runs, it decodes a secondary payload containing the actual infostealer malware. This script immediately begins hunting for sensitive information on the infected machine.
The infostealer targets a wide range of high-value assets stored on developer machines.
It gathers this sensitive information, compresses it, and silently transmits the archive to a remote command-and-control server.
The script specifically searches for the following data categories:
- Cloud infrastructure configurations for AWS, Google Cloud, and Kubernetes.
- System environment variables, private SSH keys, and SSL certificates.
- Developer API keys, terminal shell history, and database credentials for platforms like SQL, Redis, or MongoDB.
- Cryptocurrency wallets for popular coins like Bitcoin, Ethereum, Dogecoin, and Monero.
- Service credentials and webhooks for platforms like Discord, Slack, and Postfix.
Developers who installed or updated Xinference recently without pinning their dependencies are at severe risk of compromise.
The malicious package versions are identified as 2.6.0, 2.6.1, and 2.6.2. Currently, the latest safe version available on PyPI is 2.5.0. If your organization uses this tool, you must investigate your environment and take the following actions quickly:
- Downgrade the Xinference package to version 2.5.0 immediately to remove the active threat.
- Rotate all API keys, cloud credentials, and database passwords that exist on the affected machines.
- Enable two-factor authentication on all vital infrastructure and developer accounts.
- Audit your cloud environments, CI/CD pipelines, and version control systems for any unauthorized access.
- Pin all future package dependencies to specific, verified versions to stop automatic malicious updates.
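A triage sketch for the investigation step, added here as an example and not taken from OX Security or the Xinference project. It reads the installed version from package metadata without importing Xinference (importing is what triggers the payload), and the base64/exec heuristics and the requirements-line classifier are assumptions for illustration.

```python
import re
from importlib import metadata

# Versions the article lists as malicious.
COMPROMISED = {"2.6.0", "2.6.1", "2.6.2"}
# Heuristic (assumption): a long unbroken base64 run is unusual in __init__.py.
B64_RUN = re.compile(r"[A-Za-z0-9+/=]{200,}")
# Matches "xinference" or "xinference[extra]" but not e.g. "xinference-client".
REQ = re.compile(r"^xinference(?![\w.-])(\[[^\]]*\])?\s*(?P<spec>[^;#]*)", re.I)

def installed_version(dist="xinference"):
    """Read the version from dist-info metadata; the package is never imported."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None

def init_findings(source):
    """Static text checks on an __init__.py; nothing is decoded or executed."""
    findings = []
    if B64_RUN.search(source):
        findings.append("long base64-like string")
    if re.search(r"\bb64decode\b", source):
        findings.append("base64 decode call")
    if re.search(r"\b(exec|eval)\s*\(", source):
        findings.append("exec/eval call")
    return findings

def requirement_risk(line):
    """Classify one requirements.txt line: compromised, pinned, unpinned or None."""
    m = REQ.match(line.strip())
    if not m:
        return None  # line is not about xinference
    spec = re.sub(r"\s+", "", m.group("spec"))
    if spec.startswith("==") and "," not in spec and "*" not in spec:
        return "compromised" if spec[2:] in COMPROMISED else "pinned"
    return "unpinned"

if __name__ == "__main__":
    version = installed_version()
    print("installed:", version, "AFFECTED" if version in COMPROMISED else "")
    if version:
        # Locate the file through metadata so no package code runs.
        init = metadata.distribution("xinference").locate_file("xinference/__init__.py")
        with open(init, encoding="utf-8", errors="replace") as fh:
            print("__init__.py findings:", init_findings(fh.read()))
```

A clean result from the static checks does not clear a machine that ran an affected version; credential rotation still applies.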

