VYPR
← All malware advisories

pypi · Malicious package advisory

Malware

durabletask

MAL-2026-4174

Malicious code in durabletask (PyPI)

Details

**1.4.1**, **1.4.2**, and **1.4.3** of `durabletask` were compromised via a **PyPI maintainer account takeover**. All three malicious versions were published on 2026-05-19 within a 35-minute window (16:19–16:54 UTC). Pin to `<=1.4.0`.

**Attack chain**

- *Stage 1 — Import-time dropper:* on import, the package fetches a second-stage payload `rope.pyz` from `check.git-service.com` (`160.119.64.3`). The TLS certificate for this C2 was issued on 2026-05-16, indicating ~3 days of pre-attack staging.
- *Stage 2 — Credential-theft framework:*
  - AWS / Azure / GCP IMDS interrogation and Secrets Manager dumps
  - Kubernetes lateral movement via in-cluster service-account tokens
  - HashiCorp Vault token extraction
  - Harvesting from 85 known filesystem credential paths
  - Brute-forcing of local password manager vaults
- *Exfiltration:* stolen data is encrypted and shipped to the primary C2, with a **dead-drop fallback** that pushes encrypted blobs as GitHub commits (FIRESCALE-style egress).
- *Persistence:* systemd unit `pgsql-monitor.service`.
- *Destructive payload:* a **geotargeted wiper** activates on hosts identified as being located in **Israel** or **Iran**.

**Indicators of compromise**

- C2 (primary): `check.git-service.com` — `160.119.64.3`
- C2 (secondary): `t.m-kosche.com` — `185.95.159.32`
- Dropped payload: `rope.pyz`
- Persistence unit: `pgsql-monitor.service`

**Recommended actions**

- Pin `durabletask` to `<=1.4.0`.
- Block both C2 domains at network egress.
- Treat any Linux system that imported 1.4.1 / 1.4.2 / 1.4.3 as **fully compromised** — rotate all reachable secrets and rebuild affected hosts. 
---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (78c753d3badef7f806bd71d60c2bb890ccc969a3fb360596e2872ae580d135f8)
Compromised release of Microsoft's Durable Task SDK. Stage-1 dropper in __init__.py downloads and executes a credential-stealing zipapp from check.git-service.com on Linux at import time.

## Source: kam193 (9c23380bb017a417e3f26575c5b96e32fb0bf11dec8314d16f8b979052748049)
Versions 1.4.1, 1.4.2, 1.4.3 were compromised.


During import of compromised versions, the malicious code is downloaded and executed. It exfiltrates all kinds of credentials and sensitive files, including data from secret and password managers, SSH keys, configuration files. Code tries to achieve a persistence via systemd unit.


---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.


Campaign: 2026-05-compr-durabletask


Reasons (based on the campaign):


 - files-exfiltration


 - exfiltration-env-variables


 - exfiltration-ssh-keys


 - exfiltration-cloud-tokens


 - Downloads and executes a remote malicious script.


 - exfiltration-credentials


 - persistence


 - compromised-package

Compromised versions (3)

  • 1.4.1
  • 1.4.2
  • 1.4.3

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.