Popular PyPI Package Hacked to Inject Malicious Scripts
Key Takeaways
- A critical software supply chain attack compromised the popular elementary-data Python package.
- Threat actors injected malicious scripts into the project’s GitHub Actions pipeline, pushing a poisoned version (0.23.3) to PyPI and GitHub Container Registry.
- The malicious package deploys a sophisticated, multi-stage information stealer targeting cloud credentials, SSH keys, Kubernetes tokens, and cryptocurrency wallets.
- Immediate action was taken to remove the compromised version, with a clean update (0.23.4) now available.
- Affected users must rotate all credentials and implement enhanced security measures.
A significant software supply chain compromise has impacted the widely used Python package elementary-data, potentially exposing thousands of developers to extensive credential theft. Attackers published a malicious version, 0.23.3, of the package and its corresponding Docker images to the Python Package Index (PyPI) and the GitHub Container Registry (GHCR).
With over a million monthly downloads, elementary-data serves as a critical dbt data observability tool, making it an attractive target for cybercriminals. Researchers at StepSecurity revealed that the attack did not stem from compromised developer credentials but rather exploited a script-injection vulnerability within the project’s GitHub Actions pipeline.
Exploiting GitHub Actions for Malicious Payload Delivery
The attackers initiated the compromise by submitting a malicious script within a comment on an open pull request from a newly created GitHub account. Due to inadequate security controls, the automated workflow failed to safely process this comment, leading to the execution of the embedded malicious code.
Leveraging the workflow’s inherent access token, the threat actors were able to forge a verified release commit. This allowed them to trigger the official publishing process for the poisoned package without ever directly modifying the main codebase, effectively bypassing standard security checks.
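The class of bug described above, as an added example (not the Elementary project's workflow, which this page does not show): a small Python check that flags attacker-controllable ${{ }} expressions expanded inside run: scripts, applied to two constructed workflows, one vulnerable and one hardened. The workflow contents and the name find_run_injections are assumptions made for illustration.

```python
import re
# Attacker-controllable contexts (a subset of those in GitHub's hardening guidance).
UNTRUSTED = re.compile(
    r"\$\{\{[^}]*\bgithub\.(?:head_ref|event\.(?:comment|issue|pull_request|review)"
    r"\.(?:body|title|head\.ref))[^}]*\}\}"
)
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")


def find_run_injections(workflow_text):
    """Return (line number, expression) for untrusted expansions inside run: scripts."""
    hits, run_col = [], None
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        m = RUN_KEY.match(line)
        indent = len(line) - len(line.lstrip())
        if m:  # start of a run: step; remember the column of the key
            run_col = len(m.group(1)) + len(m.group(2) or "")
            body = m.group(3)
        elif run_col is not None and (not line.strip() or indent > run_col):
            body = line  # continuation line of the run: block scalar
        else:
            run_col, body = None, ""
        hits += [(number, expr) for expr in UNTRUSTED.findall(body)]
    return hits


# Constructed: the comment text is pasted into the shell script before it runs.
VULNERABLE = """\
on: issue_comment
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Comment: ${{ github.event.comment.body }}"
"""
# Constructed: the comment reaches the script only as data, and the token is read-only.
HARDENED = """\
on: issue_comment
jobs:
  triage:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          echo "Comment: $COMMENT_BODY"
"""
```

The hardened form passes the comment through an environment variable and limits the workflow token to read access, which addresses both the injection and the forged release commit described above.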
Upon installation, the compromised elementary-data package drops a file named elementary.pth into the Python environment. Python’s site module processes .pth files at interpreter startup and executes any line in them that begins with import, so the malware activates every time Python starts on a machine where the package is present, whether or not elementary-data itself is imported.
Threat intelligence reports indicate that the payload is a sophisticated, three-stage information stealer designed to exfiltrate critical developer secrets and credentials. The malware systematically targets and steals a wide array of sensitive data, including:
- Cloud access tokens for AWS, Google Cloud, and Azure.
- SSH private keys and Git credentials.
- Kubernetes service account tokens and Docker configurations.
- Environment (.env) files containing application secrets.
- Multiple cryptocurrency wallets, including Bitcoin and Ethereum.
All stolen data is subsequently compressed into an archive and covertly transmitted to an attacker-controlled command-and-control (C2) server.
Affected Versions and Remediation
To ascertain potential exposure, StepSecurity advises users to inspect their installed builds. The specific compromised version of the elementary-data PyPI package is 0.23.3. Users running version 0.23.4 or the earlier 0.23.2 are not affected.
Similarly, the malicious Docker image is identified as ghcr.io/elementary-data/elementary:0.23.3. Users of version 0.23.4 or 0.23.2 are safe. Additionally, if the latest Docker image tag in use has a digest ending in 634255, the environment is compromised. StepSecurity emphasizes the importance of updating the latest tag to a clean build.
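An added triage script (not from StepSecurity or the Elementary project) for the two indicators named above: version 0.23.3 of elementary-data and a file named elementary.pth. It also lists every .pth line that Python would execute at startup, which goes beyond this one file; the function names and the demo file contents are constructed.

```python
import tempfile
from importlib import metadata
from pathlib import Path

BAD_PACKAGE, BAD_VERSION = "elementary-data", "0.23.3"  # from the advisory
BAD_PTH_NAME = "elementary.pth"                         # from the advisory


def executable_pth_lines(site_dir):
    """Return (file name, line number, text) for each .pth line site.py would execute."""
    findings = []
    for pth in sorted(Path(site_dir).glob("*.pth")):
        text = pth.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), start=1):
            # site.py executes lines starting with "import" + space/tab; others are paths.
            if line.startswith(("import ", "import\t")):
                findings.append((pth.name, number, line.strip()))
    return findings


def audit(site_dir, installed_version=None):
    """Summarise exposure for one site-packages directory."""
    if installed_version is None:
        try:
            installed_version = metadata.version(BAD_PACKAGE)
        except metadata.PackageNotFoundError:
            installed_version = ""  # package not installed in this interpreter
    return {
        "compromised_version": installed_version == BAD_VERSION,
        "named_pth_present": (Path(site_dir) / BAD_PTH_NAME).is_file(),
        "executable_pth_lines": executable_pth_lines(site_dir),
    }


def constructed_demo():
    """Audit a throwaway directory holding constructed .pth files."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "benign.pth").write_text("../shared-libs\n# comment\n")
        # Constructed stand-in: a harmless import line, not the real payload.
        Path(tmp, BAD_PTH_NAME).write_text("import os; os.getpid()\n")
        return audit(tmp, installed_version=BAD_VERSION)


if __name__ == "__main__":
    import site
    for d in site.getsitepackages() + [site.getusersitepackages()]:
        if Path(d).is_dir():
            print(d, audit(d))
```

Some legitimate packages, setuptools among them, ship .pth files with import lines, so treat the line list as input to triage rather than a verdict.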
The swift identification of the malicious code by community members Crisperik and H-Max led to prompt alerts to the maintainers. The Elementary team acted quickly, removing the dangerous 0.23.3 version from PyPI and GHCR and releasing a clean 0.23.4 replacement on the same day.
What You Should Do
- Immediately Update: Ensure all instances of elementary-data are updated to version 0.23.4 or later. For Docker users, verify that ghcr.io/elementary-data/elementary:0.23.4 or a clean build of the latest tag is deployed.
- Rotate Credentials: For any system that installed the compromised version (0.23.3), promptly rotate all cloud access tokens (AWS, Google Cloud, Azure), SSH private keys, Git credentials, Kubernetes service account tokens, Docker configurations, and any application secrets stored in .env files.
- Review and Secure Wallets: If cryptocurrency wallets were present on affected machines, transfer funds to new, secure wallets and monitor for unauthorized transactions.
- Enable Multi-Factor Authentication (MFA): Implement MFA across all critical infrastructure and developer accounts to add an extra layer of security against credential theft.
- Pin Dependencies: To prevent similar supply chain attacks, configure package managers to pin dependencies to specific, verified versions rather than relying on broad version ranges or latest tags.
- Audit Logs: Review system and network logs on potentially affected machines for any signs of unusual outbound connections or file transfers indicative of data exfiltration.