
Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials

A recent supply chain attack has targeted the popular Python package Xinference, after malicious versions were uploaded to the Python Package Index (PyPI), putting developers and organizations at risk of credential theft.

According to security findings, Xinference versions 2.6.0, 2.6.1, and 2.6.2 were compromised with hidden infostealer malware.

The package, which has recorded over 600,000 downloads, was altered to include obfuscated malicious code designed to extract sensitive data from infected systems.

Suspicious Version (Source: OX Security)

The injected code executes automatically when the package is imported. Researchers found that it contains a base64-encoded payload embedded within the __init__.py file.

Once decoded, the payload deploys a second-stage infostealer capable of harvesting a wide range of sensitive information.

Data targeted by the malware includes AWS credentials and secrets, Google Cloud configurations, Kubernetes tokens, environment variables, SSH keys, API keys, and database credentials.

It also attempts to extract cryptocurrency wallet data, shell history, SSL certificates, and service credentials such as Slack or Discord webhooks.

The stolen data is compressed and exfiltrated to a remote command-and-control (C2) server located at whereisitat[.]lucyatemysuperbox[.]space.

Interestingly, the malicious code contains references to “TeamPCP,” a known entity in previous incidents.

Hackers by Team PCP (Source: OX Security)

However, TeamPCP publicly denied any involvement via their official X (formerly Twitter) account, raising the possibility of false attribution or impersonation by threat actors.

The compromise appears to be linked to an automated account named “XprobeBot,” which pushed a malicious commit on April 22, 2026.

The bot, reportedly active since October 2025, is suspected to have been hijacked and used to inject the payload into the package repository.

The issue came to light after a user reported suspicious behavior following installation of the affected versions. Xinference maintainers later confirmed the breach and identified version 2.5.0 as the latest safe release.

Any user or organization that installed Xinference versions 2.6.0 through 2.6.2 during the exposure window may be affected.

Security experts warn that environments without pinned dependencies are particularly vulnerable to such supply chain attacks.
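An added example (not code from OX Security or the Xinference project) that checks for the affected releases named above: it reads the installed version from package metadata instead of importing the package, since the injected code runs on import, and it flags requirements lines that pin a compromised release or carry no exact pin. The function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

PACKAGE = "xinference"
AFFECTED = {"2.6.0", "2.6.1", "2.6.2"}  # compromised releases named in the article

# name, optional [extras], then the version specifier up to any marker or comment
_REQ = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_PIN = re.compile(r"===?\s*([A-Za-z0-9.+!-]+)")  # exact pin only, wildcards excluded

def installed_status():
    """Read the version from metadata only; importing the package runs its __init__.py."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return ("not-installed", None)
    return ("affected" if version in AFFECTED else "ok", version)

def audit_requirements(text):
    """Return (line_no, status, spec) per xinference line: 'affected' (pinned to a
    compromised release), 'unpinned' (no exact pin, a resolver may have picked one),
    or 'pinned-ok' (exact pin to a version not on the affected list)."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = _REQ.match(line)
        if not m or m.group(1).lower() != PACKAGE:
            continue
        # drop per-requirement options (--hash=...) and line continuations
        spec = m.group(2).split(" --", 1)[0].rstrip("\\").strip()
        pin = _PIN.fullmatch(spec)
        if pin is None:
            status = "unpinned"
        elif pin.group(1) in AFFECTED:
            status = "affected"
        else:
            status = "pinned-ok"
        findings.append((n, status, spec))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.6.1
xinference[all]==2.6.1 ; python_version >= "3.9"
xinference>=2.5.0
Xinference == 2.5.0
xinference==2.6.*
"""
```

Run audit_requirements over each requirements or lock file in a repository and installed_status inside each virtual environment or container image; an "unpinned" result means the install date has to be checked against the exposure window.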

Immediate mitigation steps include downgrading Xinference to version 2.5.0 or earlier, rotating all potentially exposed credentials, and enabling multi-factor authentication (MFA) wherever possible.

Organizations are also advised to audit access logs across cloud platforms, CI/CD pipelines, and version control systems for signs of unauthorized activity.

This incident highlights the growing trend of software supply chain attacks, where attackers compromise trusted packages to distribute malware at scale.

As attackers continue to refine these tactics, proactive measures such as dependency pinning and continuous monitoring remain critical defenses.

Indicators of compromise (IOCs) include the malicious domain whereisitat[.]lucyatemysuperbox[.]space, which should be blocked and monitored across networks.


The post Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials appeared first on Cyber Security News.
