A major software supply chain attack has compromised the popular Python package elementary-data, exposing thousands of developers to massive credential theft.
Threat actors successfully pushed a malicious version, 0.23.3, to the Python Package Index (PyPI) and poisoned the matching Docker images on the GitHub Container Registry (GHCR).
With over one million monthly downloads, this widely used dbt data observability tool represents a highly lucrative target for cybercriminals.
As detailed by StepSecurity researchers, the attack did not rely on stolen developer passwords.
the original community report (source : stepsecurity )
Instead, hackers exploited a script-injection vulnerability in the project’s GitHub Actions pipeline.
Information Stealer Payload
A newly created GitHub account posted a malicious script in an open pull request comment.
Because the automated workflow failed to process this comment safely, the system executed the code.
Using the workflow’s built-in access token, the attacker forged a verified release commit and triggered the official publishing process without ever touching the main codebase.
The malicious elementary-data 0.23.3 release was listed as the latest on PyPI (Source: stepsecurity)
Once installed, the compromised package drops a single malicious file named elementary.pth into the environment.
Since Python automatically runs .pth files whenever the interpreter starts, the malware activates immediately on any machine where the package is installed.
According to threat intelligence reports, the payload is a sophisticated, three-stage information stealer that actively hunts for critical developer secrets and credentials.
It systematically targets and steals:
Cloud access tokens for AWS, Google Cloud, and Azure.
SSH private keys and Git credentials.
Kubernetes service account tokens and Docker configurations.
Environment (.env) files containing application secrets.
Multiple cryptocurrency wallets, including Bitcoin and Ethereum.
All stolen data is compressed into an archive and silently sent to a remote, attacker-controlled command-and-control server.
The malicious elementary.pth file shipped inside the wheel(source : stepsecurity)
Affected Versions
To check if you are impacted, StepSecurity advises reviewing your installed builds.
The compromised version of the elementary-data PyPI package is 0.23.3. However, users are safe if they use version 0.23.4 or the earlier 0.23.2.
Similarly, the affected Docker image is ghcr.io/elementary-data/elementary:0.23.3, while version 0.23.4 (or 0.23.2) is clean.
Furthermore, if you are using the latest Docker image tag with a digest ending in 634255, your environment is compromised.
The injected payload running inside the workflow (source: stepsecurity)
StepSecurity warns that you must ensure your latest tag is updated to the newly provided clean build.
Thanks to the quick action of community members Crisperik and H-Max, who spotted the malicious code, the maintainers were alerted within hours.
The Elementary team immediately removed the dangerous 0.23.3 version from PyPI and GHCR, releasing a clean 0.23.4 replacement the same day.
Developers who were exposed to the malicious update must fully rotate all credentials, API keys, and database passwords on the affected machines.
Enable two-factor authentication on all vital infrastructure and pin future package dependencies to specific, verified versions to stop automatic malicious updates.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts appeared first on Cyber Security News.
