durabletask PyPI Supply Chain Compromise
Multi-Stage Credential Stealer, Worm, and Geotargeted Wiper in Microsoft's Azure Workflow SDK
Three malicious releases of Microsoft's durabletask Python SDK (1.4.1–1.4.3) were published to PyPI on May 19, 2026 by the TeamPCP threat group via a stolen PyPI API token. A silent import-time dropper fetched a second-stage payload (rope.pyz) that harvests credentials from AWS, Azure, GCP, Kubernetes, HashiCorp Vault, and 90+ developer tool configurations, worms to up to 10 adjacent hosts via AWS SSM and Kubernetes exec, and deploys a geotargeted disk wiper on Israeli and Iranian systems. PyPI yanked all three malicious versions within hours. Pin to durabletask==1.4.0 immediately.
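The remediation above is a version pin, so the first thing a defender wants is a fast triage of which dependency files still reference the three yanked releases or leave the resolution open. The following script is an added example, not code from the advisory or the durabletask project; the sample requirements and the `_REQ_RE` helper are constructed for illustration and cover requirements.txt / pip freeze style lines only.

```python
import re
from typing import Dict, List, Tuple

# The three malicious durabletask releases named in the advisory.
AFFECTED_PACKAGE = "durabletask"
AFFECTED_VERSIONS = {(1, 4, 1), (1, 4, 2), (1, 4, 3)}

# name[extras] <operator> <version>. Hypothetical helper regex: adequate for
# requirements.txt / pip freeze lines, not a full PEP 508 parser.
_REQ_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(===|[<>=!~]=?)?\s*([0-9][0-9A-Za-z.]*)?"
)

# Constructed sample requirements file, not taken from any real project.
SAMPLE_REQUIREMENTS = [
    "durabletask==1.4.2",
    "durabletask>=1.4,<2.0  # range: resolution depends on the index",
    "azure-functions-durable==1.2.9",
    "DurableTask==1.4.0 ; python_version >= '3.9'",
]

def parse_version(text: str) -> Tuple[int, ...]:
    """'1.4.2' -> (1, 4, 2); stops at the first non-numeric segment."""
    parts: List[int] = []
    for seg in text.split("."):
        if not seg.isdigit():
            break
        parts.append(int(seg))
    return tuple(parts)

def audit_requirements(lines: List[str]) -> Dict[str, List[str]]:
    """Sort each durabletask requirement into malicious / unpinned / ok.
    A range or bare name is 'unpinned': a mirror or cache that has not
    honoured the yank can still serve 1.4.1-1.4.3 for it."""
    report: Dict[str, List[str]] = {"malicious": [], "unpinned": [], "ok": []}
    for raw in lines:
        spec = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comment/marker
        m = _REQ_RE.match(spec)
        if not m or m.group(1).lower().replace("_", "-") != AFFECTED_PACKAGE:
            continue
        op, ver = m.group(3), m.group(4)
        if op not in ("==", "===") or not ver:
            report["unpinned"].append(raw.rstrip())
        elif parse_version(ver) in AFFECTED_VERSIONS:
            report["malicious"].append(raw.rstrip())
        else:
            report["ok"].append(raw.rstrip())
    return report
```

Run `audit_requirements` over each requirements file in CI and fail the build on a non-empty `malicious` list; the `unpinned` list is the follow-up work to get every environment onto `durabletask==1.4.0`.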