Perceptive Security
SOC/SIEM Consultancy

PyPI package with 1.1M monthly downloads hacked to push infostealer
Published:
27 April 2026 at 15:17:37
Alert date:
27 April 2026 at 16:02:16
Source:
bleepingcomputer.com
Supply Chain & Dependencies, Ransomware & Malware, Data Breach & Exfiltration
The popular elementary-data Python package on PyPI was compromised, and a malicious version was published to distribute infostealer malware. The package, which has 1.1 million monthly downloads, was used to target developers and steal sensitive data, including cryptocurrency wallets. This is a significant supply chain attack affecting a widely used development dependency, and it demonstrates the ongoing threat to software supply chains from compromised package repositories.
Technical details
The attacker exploited a GitHub Actions script injection flaw by posting a malicious comment on a pull request, causing the workflow to execute attacker-controlled shell code. This exposed the workflow's GITHUB_TOKEN, which was used to forge a signed commit and tag (v0.23.3), triggering the legitimate release pipeline. The malicious release contained an elementary.pth file that executed automatically at interpreter startup to load a secrets stealer. The backdoored package was published to PyPI, and a malicious image was pushed to GitHub Container Registry.
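The class of flaw described above is a workflow that expands an attacker-controlled expression (such as a pull request comment body) directly into a `run:` script, so the runner substitutes the text before the shell ever sees it. The following is an added example, not code from the alert or from the elementary-data project: a small linter that flags such expansions, run over two constructed workflows, one vulnerable and one hardened by passing the value through an environment variable instead. The workflow text, the list of untrusted contexts and the function names are all assumptions made for the demonstration.

```python
import re

# Expression contexts an outside contributor can influence (constructed list
# for this example, covering the common comment/issue/PR title and body inputs).
UNTRUSTED_CONTEXTS = (
    "github.event.comment.body",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.review.body",
    "github.head_ref",
)

EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")   # ${{ expression }}
RUN_KEY_RE = re.compile(r"^\s*-?\s*run:\s*(.*)$")  # `run:` or `- run:` key


def find_script_injections(workflow_text):
    """Return (line_no, expression) for every ${{ }} expression inside a
    `run:` script that references an untrusted context. Expressions in
    `env:` values are not reported: the shell then reads them as data."""
    findings = []
    in_block, block_indent = False, 0
    for no, line in enumerate(workflow_text.splitlines(), 1):
        indent = len(line) - len(line.lstrip(" "))
        m = RUN_KEY_RE.match(line)
        if m:
            rest = m.group(1).strip()
            if rest in ("|", "|-", ">", ">-"):
                in_block, block_indent = True, indent  # block scalar follows
                continue
            in_block, candidate = False, rest  # single-line script
        elif in_block:
            if line.strip() and indent <= block_indent:
                in_block = False  # block scalar ended at this line
                continue
            candidate = line
        else:
            continue
        for expr in EXPR_RE.findall(candidate):
            if any(ctx in expr for ctx in UNTRUSTED_CONTEXTS):
                findings.append((no, expr))
    return findings


# Constructed vulnerable workflow: the comment body is pasted into the script.
VULNERABLE_WORKFLOW = """\
name: comment-trigger
on:
  issue_comment:
    types: [created]
jobs:
  handle:
    runs-on: ubuntu-latest
    steps:
      - name: Echo the comment
        run: |
          echo "New comment: ${{ github.event.comment.body }}"
"""

# Constructed hardened workflow: the value travels through an env var, so
# shell metacharacters in the comment are never parsed as script.
HARDENED_WORKFLOW = """\
name: comment-trigger
on:
  issue_comment:
    types: [created]
jobs:
  handle:
    runs-on: ubuntu-latest
    steps:
      - name: Echo the comment
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          echo "New comment: $COMMENT_BODY"
"""

if __name__ == "__main__":
    print("vulnerable:", find_script_injections(VULNERABLE_WORKFLOW))
    print("hardened:  ", find_script_injections(HARDENED_WORKFLOW))
```

The linter is deliberately line-based so it needs no YAML library; it tracks `run:` block scalars by indentation and ignores expressions outside them. Beyond removing the injection, a workflow that reacts to comments should also grant the job token only the permissions it needs with a `permissions:` block, which limits what a leaked GITHUB_TOKEN can do to the repository.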
Mitigation steps:
Users who downloaded the malicious release elementary-data==0.23.3, or the images tagged ghcr.io/elementary-data/elementary:0.23.3 and :latest, should rotate all secrets and restore their environments from a known safe point. Upgrade to the clean replacement release, elementary-data 0.23.4. Pin package versions to avoid automatically pulling backdoored builds.
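To check an environment against this alert, a responder wants two things: whether the affected release is installed, and whether any .pth file in site-packages carries an executable line, since that is the startup mechanism the technical details describe. The following audit script is an added example, not part of the alert or of the elementary-data project. The affected-release table comes from this alert; the sample .pth contents and the function names are constructed for the demonstration.

```python
import importlib.metadata
import os
import site

# Releases this alert names as backdoored (extend with other advisories as needed).
AFFECTED_RELEASES = {"elementary-data": {"0.23.3"}}


def pth_import_lines(text):
    """Return (line_no, line) for the lines of a .pth file that site.py will
    exec() at interpreter startup. Only lines beginning with 'import ' run as
    code; blank and '#' lines are skipped and anything else is a sys.path entry."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith(("import ", "import\t")):
            hits.append((no, line.rstrip()))
    return hits


def scan_pth_files(directories):
    """Walk site-packages style directories and report executable .pth lines."""
    findings = []
    for directory in directories:
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            if not name.endswith(".pth"):
                continue
            path = os.path.join(directory, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            for no, line in pth_import_lines(text):
                findings.append((path, no, line))
    return findings


def is_affected_release(distribution, version):
    return version in AFFECTED_RELEASES.get(distribution, set())


def installed_version(distribution):
    """Installed version of a distribution, or None when it is not installed."""
    try:
        return importlib.metadata.version(distribution)
    except importlib.metadata.PackageNotFoundError:
        return None


def affected_installs():
    """Map each affected distribution to the bad version found installed."""
    found = {}
    for distribution in AFFECTED_RELEASES:
        version = installed_version(distribution)
        if version is not None and is_affected_release(distribution, version):
            found[distribution] = version
    return found


# Constructed sample .pth contents for the demonstration (not the real file).
BENIGN_PTH = "# extra search path added by a tool\n/opt/tools/python\n"
SUSPICIOUS_PTH = "/opt/tools/python\nimport bootstrap_helper  # runs on every interpreter start\n"

if __name__ == "__main__":
    print("sample benign:    ", pth_import_lines(BENIGN_PTH))
    print("sample suspicious:", pth_import_lines(SUSPICIOUS_PTH))
    dirs = site.getsitepackages() + [site.getusersitepackages()]
    for path, no, line in scan_pth_files(dirs):
        print(f"{path}:{no}: {line}")
    print("affected installs:", affected_installs())
```

Run it inside the interpreter whose environment you are checking, since `site.getsitepackages()` reports that interpreter's directories. Expect some legitimate hits in triage: setuptools ships `distutils-precedence.pth` with an `import` line, and virtualenv writes `_virtualenv.pth`; anything else with an `import` line deserves a look at what module it pulls in. For the pinning advice above, a requirements file with exact versions installed under `pip install --require-hashes` ties each install to a known artifact rather than to whatever the index serves next.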
Affected products:
elementary-data package version 0.23.3
Docker image ghcr.io/elementary-data/elementary:0.23.3
Docker image ghcr.io/elementary-data/elementary:latest
GitHub Actions workflows
PyPI (Python Package Index)
GitHub Container Registry
Related links:
https://github.com/elementary-data/elementary/issues/2205
https://pypi.org/project/elementary-data/0.23.4/
https://pypistats.org/packages/elementary-data
https://www.stepsecurity.io/blog/elementary-data-compromised-on-pypi-and-ghcr-forged-release-pushed-via-github-actions-script-injection
Related CVEs:
Related threat actors:
IOCs:
elementary-data==0.23.3, ghcr.io/elementary-data/elementary:0.23.3, ghcr.io/elementary-data/elementary:latest, elementary.pth file
This article was created with the assistance of AI technology by Perceptive.
