Xinference, an open-source distributed AI model inference framework, suffered a supply chain attack when attackers compromised PyPI release credentials of maintainers and published three malicious versions (2.6.0, 2.6.1, 2.6.2) on April 22, 2026. The malicious code, encoded in Base64 layers within __init__.py, executes automatically upon library installation or import, collecting cloud credentials, SSH keys, API tokens, database passwords, cryptocurrency wallets, and environment variables. The payload specifically targets AWS environments through metadata service exploitation and uploads stolen data to attacker-controlled infrastructure. The attack affects users who downloaded these versions from PyPI, which has over 680,000 total downloads. Attribution remains unclear as TeamPCP's name appears in the code but the group denies involvement, suggesting third-party impersonation.