Pulse: TeamPCP Injects Two-Stage Credential Stealer into xinference PyPI Package
TLP:WHITE | Author: PetrP.73 | Created: 2026-04-30 | Modified: 2026-04-30
15 IOCs | Medium volume
On April 22, 2026, versions 2.6.0, 2.6.1, and 2.6.2 of the xinference open-source package on PyPI were found to contain a two-stage credential-stealing payload. The first stage is embedded in xinference/__init__.py, so it runs automatically whenever the package is imported. Once triggered, it decodes a second-stage collector that gathers SSH keys, cloud credentials, environment variables, and cryptocurrency wallet data. The collected data is packed into a tar.gz archive named love.tar.gz and exfiltrated with a curl POST request to the command and control (C2) server at http://whereisitat.lucyatemysuperbox.space. The compromised versions have since been removed from PyPI.
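A defender-side check that turns the indicators above into a local scan, added here as an example rather than code from the pulse or from the xinference project: it reads the installed version from the dist-info METADATA, compares it with the three affected releases, hashes every .py file in the package against the listed MD5 values, and greps the sources for the C2 hostname and archive name. The site-packages layout it scans is a constructed fixture built in a temporary directory; the assumption that the listed MD5 hashes correspond to files inside the package tree is mine, since the pulse does not name the hashed files.

```python
from __future__ import annotations

import hashlib
import re
import tempfile
from pathlib import Path

# Affected versions, IOC hashes and C2 hostname come from the pulse above.
AFFECTED_VERSIONS = {"2.6.0", "2.6.1", "2.6.2"}
IOC_MD5 = {
    "3ee893ae46530b92e0d26435fb979d82",
    "c6ce4e25f7fe3e3bb1eea2e9052483bf",
    "e291734d46c313a23d676681499f8846",
}
IOC_STRINGS = ("whereisitat.lucyatemysuperbox.space", "love.tar.gz")


def md5_of(path: Path) -> str:
    """Hex MD5 of a file, read in chunks so large files are fine."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def read_version(dist_info: Path) -> str | None:
    """Parse the 'Version:' line from a dist-info METADATA file."""
    meta = dist_info / "METADATA"
    if not meta.is_file():
        return None
    m = re.search(r"^Version:\s*(\S+)", meta.read_text(errors="replace"), re.M)
    return m.group(1) if m else None


def scan_package(pkg_dir: Path, version: str | None) -> dict:
    """Check one installed xinference tree against the pulse's indicators."""
    result = {
        "version": version,
        "version_affected": version in AFFECTED_VERSIONS,
        "hash_hits": [],    # files whose MD5 matches a listed IOC (assumed to be package files)
        "string_hits": [],  # (file, indicator) pairs for the C2 host or archive name
    }
    for f in sorted(pkg_dir.rglob("*.py")):
        rel = str(f.relative_to(pkg_dir))
        if md5_of(f) in IOC_MD5:
            result["hash_hits"].append(rel)
        text = f.read_text(errors="replace")
        for s in IOC_STRINGS:
            if s in text:
                result["string_hits"].append((rel, s))
    return result


def build_sample_site_packages(version: str, tainted: bool) -> Path:
    """Constructed fixture: a throwaway site-packages holding an xinference
    package and its dist-info. With tainted=True the __init__.py carries the
    C2 hostname in a comment so the string check has something to find."""
    root = Path(tempfile.mkdtemp(prefix="xinf-check-"))
    pkg = root / "xinference"
    pkg.mkdir()
    body = "__version__ = %r\n" % version
    if tainted:
        body += "# constructed marker: whereisitat.lucyatemysuperbox.space\n"
    (pkg / "__init__.py").write_text(body)
    dist = root / f"xinference-{version}.dist-info"
    dist.mkdir()
    (dist / "METADATA").write_text(
        f"Metadata-Version: 2.1\nName: xinference\nVersion: {version}\n"
    )
    return root


def check_install(site_packages: Path) -> dict:
    """Locate xinference under a site-packages directory and scan it."""
    pkg = site_packages / "xinference"
    dist = next(site_packages.glob("xinference-*.dist-info"), None)
    version = read_version(dist) if dist else None
    return scan_package(pkg, version)


if __name__ == "__main__":
    for ver, tainted in (("2.6.1", True), ("2.5.0", False)):
        r = check_install(build_sample_site_packages(ver, tainted))
        flagged = r["version_affected"] or r["hash_hits"] or r["string_hits"]
        print(ver, "FLAGGED" if flagged else "clean", r)
```

Point check_install at a real site-packages directory (for example the path printed by `python -c "import site; print(site.getsitepackages())"`) to scan an actual environment; any non-empty hash_hits or string_hits, or an affected version, means the interpreter should be treated as compromised and its credentials rotated, since the payload runs on import rather than on any explicit call.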
Indicators of Compromise (3 of 15 shown)
Type          Indicator                          Description                                                               Created
FileHash-MD5  3ee893ae46530b92e0d26435fb979d82   MD5 of f677cd06e0dfbd23b6feb47f31d49cb8fcc88ed0487d30143d36d4f54261e3de   2026-04-30
FileHash-MD5  c6ce4e25f7fe3e3bb1eea2e9052483bf   MD5 of 96007d4ee4171e383cecdf7a34b606bfcb78eff435182dc86daa49a17153dcd3   2026-04-30
FileHash-MD5  e291734d46c313a23d676681499f8846   MD5 of 4c5c589f543b1a02251451ab3baaeed7c82851de10fa33f87b95a85e3040c92e   2026-04-30