MAL-2026-3000
Malicious code in xinference (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d) Versions 2.6.0, 2.6.1, 2.6.2 were compromised.
Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI releases were published. Infected releases contain code typical for TeamPCP actions that exfiltrates all kinds of sensitive data (credentials, env variables, SSH keys, cloud tokens, configuration files, shell histories, cryptowallets, data from secret managers...). Malicious action activates during importing the main package's module. TeamPCP denies their involvement.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-04-teampcp
Reasons (based on the campaign):
- exfiltration-env-variables
- exfiltration-ssh-keys
- obfuscation
- exfiltration-cloud-tokens
- exfiltration-crypto
- exfiltration-credentials
- compromised-package
- exploited-ci-vulnerability
Are you affected?
Enter the version of the package you're using.
Affected packages
No fixed version published yet for xinference (pip). Pin to a known-safe version or switch to an alternative.
References
- https://github.com/xorbitsai/inference/issues/4828 [WEB]
- https://github.com/xorbitsai/inference/pull/4826 [WEB]
- https://github.com/oaoaoaoaooaoa/inference/blob/f6cf73a913443d8098d7fe2456b54cdc25eb9574/doc/source/gen_docs.py [WEB]
- https://bad-packages.kam193.eu/pypi/campaign/2026-04-teampcp [WEB]
- https://x.com/pcpcats/status/2046927940932260092 [WEB]
- https://research.jfrog.com/post/xinference-compromise/ [WEB]