Xinference Compromised in Supply Chain Attack (Campaign)

Attackers compromised legitimate xinference package releases by inserting malicious code into xinference/__init__.py so the payload runs on import; it launches a base64-encoded script in a detached subprocess to remain stealthy. The malware performs a two-stage operation: stage one deploys a secondary payload, archives collected output into love.tar.gz and exfiltrates it via HTTP POST to an attacker-controlled domain using custom headers; stage two conducts wide host and cloud reconnaissance and credential harvesting (SSH keys, cloud credentials including AWS IMDSv2 tokens, Kubernetes secrets, environment files, API keys) and includes logic to query AWS services like Secrets Manager and SSM.