
Malicious PyPI Package Compromises Developer Data and Cryptocurrency Wallets

Severity: High (Score: 72.0)

Sources: Bleepingcomputer

Summary

A malicious version of the popular Python package elementary-data (version 0.23.3) was uploaded to the Python Package Index (PyPI), targeting sensitive developer information and cryptocurrency wallets. The attack exploited a GitHub Actions script injection flaw, allowing the attacker to execute arbitrary shell commands in the workflow and expose the GITHUB_TOKEN. With that token the attacker forged a signed commit and triggered the legitimate release pipeline, which published the compromised package and a malicious Docker image. Users who downloaded the malicious version remain compromised; a clean version (0.23.4) has since been released. The incident affects the dbt ecosystem, which has over 1.1 million monthly downloads. Affected users are advised to rotate all secrets and restore their environments from a known safe point. The malicious release included a file that executed a secrets stealer at startup. Systems that did not pin package versions automatically pulled the backdoored build. The incident highlights weaknesses in package release and distribution workflows.

Key Points:

  • A malicious version of the elementary-data package was uploaded to PyPI, affecting over 1.1 million users.
  • The attack exploited a GitHub Actions script injection flaw, allowing unauthorized code execution.
  • Users are advised to rotate secrets and restore environments if they downloaded the compromised package.
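The flaw class named in the summary, as an added example that is not code from the article or from the elementary-data project: a small Python scanner that flags untrusted event fields expanded directly inside a workflow's `run:` step, run over two constructed workflows. The list of attacker-controlled contexts, the workflow text and the hardened form are assumptions, not details of the actual incident.

```python
import re

# Assumed list of event fields an outside contributor can shape (taken from GitHub's
# general script-injection guidance, not from the advisory itself).
UNTRUSTED_CONTEXTS = re.compile(
    r"github\.(event\.(issue|pull_request|comment|review|review_comment|"
    r"discussion|pages|commits|head_commit)|head_ref)\b"
)
EXPRESSION = re.compile(r"\$\{\{(.*?)\}\}")
def find_script_injections(workflow_text):
    """Return (line_no, expression) for each untrusted context expanded in a run: step."""
    findings, in_run, run_indent = [], False, 0
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if in_run and stripped and indent <= run_indent:
            in_run = False  # a sibling key or the next step ends the run block
        if stripped.startswith("run:"):
            in_run, run_indent = True, indent
        elif stripped.startswith("- run:"):
            in_run, run_indent = True, indent + 2  # the key sits after "- "
        if in_run:
            for expr in EXPRESSION.findall(line):
                if UNTRUSTED_CONTEXTS.search(expr):
                    findings.append((line_no, expr.strip()))
    return findings

# Constructed workflow: the issue title is pasted straight into the shell script.
VULNERABLE = """\
on: [issues]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "New issue: ${{ github.event.issue.title }}"
"""
# Constructed fix: the value enters via env (data, not code) and GITHUB_TOKEN is read-only.
HARDENED = """\
on: [issues]
permissions:
  contents: read
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - env:
          TITLE: ${{ github.event.issue.title }}
        run: echo "New issue: $TITLE"
"""
```

The read-only `permissions` block matters independently of the injection fix: a token that cannot write to the repository cannot be used to push a forged release commit even if a step is compromised.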

Key Entities

  • Malware (attack_type)
  • Supply Chain Attack (attack_type)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-94 - Code Injection (cwe)
  • ghcr.io (domain)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • Docker (tool)
  • GitHub Actions (tool)
  • GitHub (platform)
  • GitHub Container Registry (platform)
  • PyPI (platform)