durabletask (Microsoft's Python Durable Task client) compromised by TeamPCP
The Python Durable Task client package 'durabletask' from Microsoft was compromised by the threat actor TeamPCP. Malicious versions 1.4.1, 1.4.2, and 1.4.3 were pushed to PyPI using stolen CI/CD credentials. These trojanized releases carried a backdoor that harvested credentials at runtime and used the stolen credentials to propagate further. The compromise is part of a broader supply-chain campaign by TeamPCP that has hit multiple developer tools and SDKs since March 2026.
AI Analysis
Technical Summary
TeamPCP compromised Microsoft's Python Durable Task client package on PyPI. Using stolen CI/CD credentials, the actor published versions 1.4.1 through 1.4.3 carrying credential-stealing malware. The same campaign has hit several other packages, each time abusing a trusted developer tool to harvest credentials and seed the next compromise: backdoor a package, harvest CI/CD secrets from whoever installs it, and use those secrets to push further malicious versions downstream. This record was added on May 27, 2026; the timeline in the Reddit post below dates the malicious durabletask releases to May 20, 2026, and analyses from Aikido, StepSecurity and Endor Labs are linked there.
Potential Impact
Any environment that installed one of the three malicious versions ran the credential-harvesting code, so those installs are exploitation in progress rather than a latent vulnerability waiting for an exploit. CI/CD secrets, registry tokens and cloud credentials reachable from the affected process should be treated as stolen, and the campaign history on this page shows such credentials being reused to trojanize further packages. Because durabletask sits in development and deployment pipelines, a single compromised build host can expose downstream code, pipelines and cloud environments to unauthorized access.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory and the research posts linked below for current remediation guidance. Do not install durabletask 1.4.1, 1.4.2 or 1.4.3, and pin or constrain the package so a dependency resolver cannot select them. Audit requirements files, lock files, CI caches and container images for those versions. Treat any host that installed one of them as compromised: rotate every credential that was reachable from it (CI/CD secrets, PyPI and other registry tokens, cloud keys) and review those accounts for activity since the install. Monitor official Microsoft and PyPI advisories for confirmed clean versions.
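As an added example (not code from the page, from Microsoft, or from the cited researchers), the following Python script audits requirement and lock-file lines for the three compromised durabletask releases, flags unpinned specs that a resolver could still satisfy with one of them, checks the running environment, and emits a pip constraints entry that blocks the bad releases. The sample requirement lines are constructed; the `audit`, `installed_status` and `constraints_line` names are this example's own.

```python
"""Audit dependency pins and the running environment for the trojanized
durabletask releases and produce a pip constraint that blocks them.

Added example, not code from Microsoft, PyPI, or the cited research;
the sample requirement lines are constructed for illustration.
"""
import re
from importlib import metadata

PACKAGE = "durabletask"
# Releases the advisory reports as compromised.
COMPROMISED = {"1.4.1", "1.4.2", "1.4.3"}

# "name[extras]==version" pins, as found in requirements.txt, pip freeze
# output and pip-compile lock files; trailing markers are ignored.
_PIN_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9_.-]*)(?:\[[^\]]*\])?\s*==\s*"
    r"(?P<version>[0-9][0-9A-Za-z.]*)"
)
# Any requirement line that names a package, pinned or not.
_REF_RE = re.compile(r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9_.-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalization: 'DurableTask' and 'durabletask' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(lines):
    """Classify every line that references durabletask.

    Returns {"compromised": [(line_no, version), ...],
             "unpinned":    [(line_no, text), ...]}.
    An unpinned spec (e.g. 'durabletask>=1.4') is reported because a
    resolver may still select one of the compromised releases.
    """
    result = {"compromised": [], "unpinned": []}
    for line_no, raw in enumerate(lines, start=1):
        line = raw.split("#", 1)[0]          # drop comments
        ref = _REF_RE.match(line)
        if not ref or normalize(ref["name"]) != normalize(PACKAGE):
            continue
        pin = _PIN_RE.match(line)
        if pin is None:
            result["unpinned"].append((line_no, line.strip()))
        elif pin["version"] in COMPROMISED:
            result["compromised"].append((line_no, pin["version"]))
    return result


def installed_status():
    """Version of durabletask in the running interpreter and whether it is
    one of the compromised releases; (None, False) when not installed."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None, False
    return version, version in COMPROMISED


def constraints_line():
    """A constraints.txt entry that makes pip refuse the three releases
    while still allowing any other version to resolve."""
    return PACKAGE + ",".join(f"!={v}" for v in sorted(COMPROMISED))


# Constructed sample requirements file (not from any real project).
SAMPLE_REQUIREMENTS = """\
# constructed sample
somepkg==2.0.0
durabletask==1.4.2 ; python_version >= "3.9"
DurableTask[grpc]==1.4.3   # trailing comment
durabletask>=1.4
otherpkg==0.9.1
""".splitlines()

if __name__ == "__main__":
    report = audit(SAMPLE_REQUIREMENTS)
    for line_no, version in report["compromised"]:
        print(f"line {line_no}: pinned compromised release {version}")
    for line_no, text in report["unpinned"]:
        print(f"line {line_no}: unpinned spec {text!r} may resolve to a bad release")
    print("installed:", installed_status())
    print("constraints.txt entry:", constraints_line())
```

Run it against each requirements or lock file in a repository, and drop the emitted line into a constraints file applied with `pip install -c constraints.txt -r requirements.txt`; a `!=` constraint blocks the three releases without forcing a single version. For pipelines that should never pull an unexpected artifact at all, hash-pin every dependency and install with `--require-hashes`, which rejects any release whose sdist or wheel hash is not in the lock.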
Reddit Discussion
We've been tracking TeamPCP since March. This is the fifth major package in the same campaign.
The pattern:
- Backdoor a trusted developer tool (scanner, SDK, package)
- Use stolen CI/CD credentials to push malicious versions to a registry
- Malicious version harvests credentials at runtime, propagates via the stolen creds
- Repeat
TeamPCP timeline since March:
- Mar 19 - Trivy compromised. CI/CD secrets harvested downstream.
- Mar 24 - LiteLLM 1.82.7/1.82.8 to PyPI via credentials stolen through Trivy. ~95M monthly downloads. ~1,000 cloud environments in a 3-hour window.
- Mar 27 - Telnyx Python SDK 4.87.1/4.87.2 to PyPI. WAV steganography for payload delivery. ~670K monthly downloads.
- April - Bitwarden CLI, SAP npm packages, PyTorch Lightning.
- May 11 - 84 malicious versions across ~170 packages. First SLSA Build Level 3 provenance bypass. OpenAI hit downstream.
- May 20 - durabletask 1.4.1/1.4.2/1.4.3.
Research:
- Aikido: https://www.aikido.dev/blog/durabletask-package-compromised-mini-shai-hulud
- StepSecurity IOCs: https://www.stepsecurity.io/blog/microsofts-durabletask-pypi-package-compromised-in-supply-chain-attack
- Endor Labs: https://www.endorlabs.com/learn/trojanized-microsoft-sdk-durabletask-1-4-1-through-1-4-3-deliver-credential-stealing-malware
We wrote on the LiteLLM chain attack when this started. Same TTPs, different package: https://www.bluerock.io/post/litellm-supply-chain-protection
Technical Details
- Source type: Subreddit (blueteamsec, AskNetsec, Information_Security)
- Reddit score: 0
- Discussion level: minimal
- Content source: reddit_link_post (post type: link)
- Domain: null
- Newsworthiness assessment: score 30, newsworthy (reasons: external_link, newsworthy_keywords:compromised, established_author, very_recent)
- Has external source: true
- Trusted domain: false
Threat ID: 6a17207ce29bf47b50d2ea7d
Added to database: 5/27/2026, 4:49:00 PM
Last enriched: 5/27/2026, 4:49:06 PM
Last updated: 5/27/2026, 11:26:57 PM