Anyone else's pipelines pulling durabletask? versions 1.4.1–1.4.3 are backdoored

Posted by SweetHunter2744@reddit | Python

Caught this today and wanted to flag it here before it gets buried.

TeamPCP compromised a GitHub account, found a PyPI publish token sitting in the repo secrets, and used it to push malicious versions of Microsoft's durabletask package. 1.4.1, 1.4.2 and 1.4.3 are all malicious.

Payload runs the moment you import it. No errors, nothing that looks off, just silently stealing credentials in the background: cloud provider keys, SSH keys, Docker creds, 1Password and Bitwarden vaults, HashiCorp Vault secrets, shell history. On AWS it propagates to other EC2 instances via SSM. Kubernetes environments get it through kubectl exec.

417k downloads a month on this package. GitHub is also investigating a separate claimed breach of ~4,000 of their internal repos from the same group, apparently stemming from the same initial access.

The entry point was a token with too much access sitting in a repo secret. That's it.

If your pipelines pulled durabletask recently, treat those machines as fully compromised. Rotate everything, don't just remove the package.

Has anyone already run into this? How wide is the impact?
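As an added example, not part of the post: a small audit of requirements.txt / `pip freeze` lines against the three versions named above. A hard pin to 1.4.1, 1.4.2 or 1.4.3 is reported as compromised; unpinned or range specifiers that a resolver could still satisfy with one of those releases are reported as at risk. It assumes plain requirements syntax, and the sample manifest lines are constructed.

```python
import re

# Releases the post identifies as backdoored.
COMPROMISED = ("1.4.1", "1.4.2", "1.4.3")
TARGET = "durabletask"
OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b, ">=": lambda a, b: a >= b,
       "<=": lambda a, b: a <= b, ">": lambda a, b: a > b, "<": lambda a, b: a < b}

def normalize(name):
    return re.sub(r"[-_.]+", "-", name).lower()  # PEP 503: DurableTask == durabletask

def vkey(version):
    return tuple(int(p) for p in re.findall(r"\d+", version))  # so 1.4.2 < 1.10.0

def satisfies(version, spec):
    """True if `version` meets every clause of the specifier (==, !=, <, <=, >, >=)."""
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = re.match(r"(==|!=|>=|<=|>|<)\s*([\w.]+)$", clause)
        if not m:
            continue  # unsupported clause (e.g. ~=, wildcards): assume it permits
        op, target = m.groups()
        if not OPS[op](vkey(version), vkey(target)):
            return False
    return True

def assess_line(line):
    """Classify one requirements.txt / pip freeze line; None if it is not durabletask."""
    line = line.split("#", 1)[0].strip()
    m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$", line)
    if not m or normalize(m.group(1)) != TARGET:
        return None
    spec = m.group(2).split(";", 1)[0].strip()  # drop environment markers
    reachable = [v for v in COMPROMISED if satisfies(v, spec)]
    if reachable and re.fullmatch(r"==\s*[\w.]+", spec):
        return ("COMPROMISED", f"pinned to backdoored release {reachable[0]}")
    if reachable:
        return ("AT_RISK", f"'{spec or '(unpinned)'}' admits {', '.join(reachable)}")
    return ("CLEAN", f"'{spec}' excludes all backdoored releases")

def audit(text):
    """Return (line, status, detail) for every durabletask requirement in `text`."""
    return [(ln, *r) for ln in text.splitlines() if (r := assess_line(ln))]

# Constructed sample manifest lines, not a real project's files.
SAMPLE = """\
DurableTask == 1.4.2   # pip freeze from a build agent
durabletask>=1.4,<1.5 ; python_version >= "3.9"
durabletask==1.4.0
durabletask
"""
```

Feed `audit()` the contents of each lockfile or the `pip freeze` output of a build agent; anything other than CLEAN points at a machine that should be treated as compromised, per the post.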