According to Beating's monitoring, on May 12 at 3:20–3:26 UTC+8, attackers affiliated with TeamPCP hijacked the official release pipelines of TanStack, Amazon's OpenSearch, and Mistral, pushing 84 malicious package versions across npm and PyPI. Affected packages include @tanstack/react-router (10M+ weekly downloads), @opensearch-project/opensearch (1.3M weekly downloads), and Mistral's mistralai client. The malicious packages bypassed security trust mechanisms by exploiting GitHub Actions configuration flaws to obtain legitimate temporary publishing credentials, allowing them to acquire valid SLSA build provenance signatures.
Socket.dev's reverse analysis reveals the worm persists even after package removal by injecting code into Claude Code execution hooks (.claude/settings.json) and VS Code task configurations (.vscode/tasks.json). On Python packages, the malware activates silently upon import without requiring function calls. Affected machines should be treated as compromised; users must immediately rotate AWS, GitHub, npm, and SSH credentials and reinstall from clean lockfiles.