TeamPCP Injects Two-Stage Credential Stealer into xinference PyPI Package
The xinference package on PyPI was compromised with a two-stage credential stealer attributed to the TeamPCP threat actor. The malicious code was injected into the package, potentially affecting users who installed compromised versions.
- Disclosed: May 4, 2026
- Last updated: June 7, 2026
- Blast radius: Unknown; dependent on xinference adoption and on which versions were exposed
- Ecosystems: PyPI
- Attack vectors: Compromised package (malicious code injected into the published package)
- Threat actor: TeamPCP
- Affected entities: xinference (PyPI package)
xinference PyPI package compromised with two-stage credential stealer
TeamPCP, a known threat actor, injected a two-stage credential stealer into the xinference PyPI package. The payload was designed to exfiltrate credentials from systems that installed the package.

The xinference package is an open-source project distributed through PyPI. The compromise is a direct supply chain attack on the Python package ecosystem: any user who installed or upgraded to a compromised version during the attack window potentially ran the stealer.

The incident was discovered and reported by StepSecurity. A two-stage design typically means that the code shipped in the package is only a small loader which fetches and runs the actual stealer at install or import time. This keeps the published artifact small and inconspicuous and lets the operator swap the second stage after publication, so the contents of the package alone may not show the full behaviour that affected systems experienced.
Indicators of compromise
- Packages: xinference (the compromised version numbers are not listed in this entry)
Remediation
- Identify and audit all systems that installed or upgraded xinference during the attack window; because this entry does not list the compromised version numbers, treat every install in that window as suspect until the affected versions are confirmed
- Rotate all credentials on affected systems immediately, including any secrets reachable from the environment that ran the install (environment variables, cloud and package-registry tokens, SSH keys, CI secrets)
- Upgrade xinference to a version the maintainers have confirmed clean, and verify the hash of the installed artifact against that release
- Review the package's source repository commit history for unauthorized changes
- Monitor for credential theft indicators and suspicious authentication activity using the rotated credentials' predecessors
- Pin exact versions and verify artifact hashes in package management workflows (for pip, a hash-locked requirements file installed with --require-hashes)
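Parts of the audit and pinning steps above can be scripted. The following is an added example, not code from the xinference project, from StepSecurity, or from this catalog. It walks requirements files for the package named in this entry, flags every entry that is not exactly pinned or not hash-locked (an unlocked entry is what lets a substituted artifact install silently), and reports whether the package is present in the current interpreter. The requirements text and the version numbers in it are constructed sample input; since this page lists no compromised versions, the audit flags every occurrence of xinference rather than a version range.

```python
"""Audit requirements files and the local environment for a package named in
a supply-chain advisory (here: xinference). Added example; the sample files
below are constructed and their version numbers are made up."""
import re
from importlib import metadata
from typing import Dict, List, Optional

WATCH = {"xinference"}  # package named in the advisory

# Constructed sample input, not real lock files. The hashes are placeholders.
SAMPLE_FILES = {
    "requirements.txt": """\
requests==2.32.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
xinference==1.4.0
numpy
""",
    "dev-requirements.txt": """\
# casing differs on purpose; PEP 503 normalisation still matches the watch list
XInference>=1.0
pytest>=8,<9 \\
    --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
""",
}

# name, optional [extras], then everything up to a marker (;) or comment (#)
SPEC_RE = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(?P<spec>[^;#]*)")


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of - _ . collapse to a dash."""
    return re.sub(r"[-_.]+", "-", name).lower()


def logical_lines(text: str) -> List[str]:
    """Join backslash-continued lines; drop blank lines and comments."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        stripped = (buf + line).strip()
        buf = ""
        if stripped and not stripped.startswith("#"):
            out.append(stripped)
    if buf.strip():
        out.append(buf.strip())
    return out


def parse_requirement(line: str) -> Optional[Dict]:
    """Return {name, spec, pinned, hashed} for one requirement line.

    pip options (-e, -r, --index-url ...) and direct URLs are out of scope and yield None.
    """
    if line.startswith("-") or "://" in line:
        return None
    hashed = "--hash=" in line
    body = line.split("--hash=")[0].strip()
    m = SPEC_RE.match(body)
    if not m:
        return None
    spec = m.group("spec").strip()
    exact = spec.startswith("==") and "," not in spec and not spec.endswith("*")
    return {"name": normalize(m.group("name")), "spec": spec, "pinned": exact, "hashed": hashed}


def audit(files: Dict[str, str], watch=WATCH) -> Dict[str, list]:
    """Report watched packages, entries without an exact pin, and entries without --hash."""
    watch = {normalize(w) for w in watch}
    report = {"watched": [], "unpinned": [], "unhashed": []}
    for fname, text in files.items():
        for line in logical_lines(text):
            req = parse_requirement(line)
            if req is None:
                continue
            where = f"{fname}: {req['name']}"
            if req["name"] in watch:
                report["watched"].append({"file": fname, "spec": req["spec"] or "(any)", "hashed": req["hashed"]})
            if not req["pinned"]:
                report["unpinned"].append(where)
            if not req["hashed"]:
                report["unhashed"].append(where)
    return report


def installed_version(name: str) -> Optional[str]:
    """Version of `name` in this interpreter's site-packages, or None if absent."""
    try:
        return metadata.version(name)
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    r = audit(SAMPLE_FILES)
    for hit in r["watched"]:
        print(f"WATCHED {hit['file']}: xinference {hit['spec']} hash-locked={hit['hashed']}")
    print("not exactly pinned:", r["unpinned"])
    print("no --hash:", r["unhashed"])
    print("xinference installed in this interpreter:", installed_version("xinference"))
```

Once the maintainers have confirmed a clean release, regenerate the lock with digests (for example `pip-compile --generate-hashes` from pip-tools, or `pip hash` on the downloaded wheel) and install with `pip install --require-hashes -r requirements.txt`, which refuses any file whose digest does not match the lock.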
Cite this entry
"TeamPCP Injects Two-Stage Credential Stealer into xinference PyPI Package." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed May 4, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/teampcp-injects-two-stage-credential-stealer-into-xinference-pypi-package-1du39z
Related incidents
- lightning: Obfuscated JavaScript Credential Stealer Bundled in PyPI Wheel (status: contained; severity: high)
  The lightning PyPI package versions 2.6.2 and 2.6.3 were compromised on April 30, 2026, containing obfuscated JavaScript code designed to steal credentials. The project's GitHub account showed signs of compromise, with suspicious responses closing vulnerability reports.
  Tags: Mini Shai Hulud; PyPI; Compromised package; Malicious maintainer
- The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave (status: active; severity: critical)
  TeamPCP conducted a multi-ecosystem supply chain compromise targeting the @antv package and associated development infrastructure. The attack leveraged GitHub, npm, and VSCode to steal credentials and establish persistence mechanisms.
  Tags: TeamPCP; npm; Other; Account takeover; Compromised package; Malicious maintainer
- Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack (status: resolved; severity: critical)
  StepSecurity detected a compromise of axios, described as the largest npm supply chain attack on a single package by download count. A state-sponsored threat actor is reported to have actively suppressed warnings by deleting GitHub issues. Detection occurred before public disclosure.
  Tags: UNC1069; npm; Compromised package; Malicious maintainer
- Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor (status: active; severity: critical)
  Three IoliteLabs VSCode extensions (solidity-macos, solidity-windows, solidity-linux) contained obfuscated backdoors targeting Solidity and Web3 developers across Windows, macOS, and Linux. The backdoors download remote payloads and establish persistence on infected systems.
  Tags: Container registry; Other; Compromised package; Malicious maintainer