A threat actor compromised the popular elementary-data PyPI package (1.1M monthly downloads) by exploiting a GitHub Actions script injection vulnerability. Rather than stealing maintainer credentials, the attacker posted a malicious pull request comment that triggered the project's CI workflow, exposing the workflow's GITHUB_TOKEN. That token was then used to forge a signed release (v0.23.3) that published a backdoored package to PyPI and a malicious Docker image to GitHub Container Registry. The malicious release included a secrets stealer targeting SSH keys, cloud credentials (AWS/GCP/Azure), Kubernetes/Docker/CI secrets, .env files, developer tokens, and cryptocurrency wallets. Users who downloaded elementary-data==0.23.3 or pulled the :latest Docker image should rotate all secrets and restore from a clean state. A patched version (0.23.4) has been released.
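The root cause here is a workflow that interpolates attacker-controlled text (a PR comment) directly into a `run:` shell step, so the comment body becomes part of the script the runner executes with the job's GITHUB_TOKEN. The following added example, which is not code from the elementary-data project, scans workflow files for that anti-pattern and contrasts a vulnerable step with its hardened form. Both sample workflows are constructed for this illustration; the `UNTRUSTED` pattern covers a subset of the contexts GitHub documents as untrusted (issue and PR titles/bodies, comments, reviews, commit messages, head branch names) and is a simplification, not an exhaustive list.

```python
"""Flag untrusted GitHub expression contexts used inside `run:` steps.

Added example (not from the elementary-data repository). Sample workflows
below are constructed; the untrusted-context pattern is a simplified subset
of the contexts GitHub lists as attacker-controlled.
"""
import re

# Expression contexts whose values an outside contributor can write
# (comment/issue/PR bodies and titles, commit messages, head branch names).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.event\.(issue|pull_request|comment|review|"
    r"head_commit|commits)\.[^}]*|github\.head_ref)\s*\}\}"
)


def run_scripts(workflow_text):
    """Yield (first_line_no, script_text) for each `run:` step.

    Minimal YAML handling, enough for typical workflows: a value on the same
    line as `run:`, or a block scalar (`|`, `>`) whose continuation lines are
    indented deeper than the `run` key itself.
    """
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = re.match(r"^(\s*)(-\s+)?run:\s*(.*)$", lines[i])
        if not m:
            i += 1
            continue
        key_col = len(m.group(1)) + len(m.group(2) or "")  # column of "run"
        value = m.group(3)
        if value in ("|", ">", "|-", ">-", "|+", ">+"):
            j = i + 1
            body = []
            while j < len(lines) and (
                not lines[j].strip()
                or len(lines[j]) - len(lines[j].lstrip()) > key_col
            ):
                body.append(lines[j])
                j += 1
            yield i + 2, "\n".join(body)  # 1-based number of first body line
            i = j
        else:
            yield i + 1, value
            i += 1


def find_injections(workflow_text):
    """Return [(line_no, expression)] for untrusted contexts inside run scripts."""
    findings = []
    for first_line, script in run_scripts(workflow_text):
        for offset, line in enumerate(script.splitlines()):
            for m in UNTRUSTED.finditer(line):
                findings.append((first_line + offset, m.group(0)))
    return findings


# Constructed sample: comment body is spliced straight into the shell script,
# so a crafted comment runs arbitrary commands with the job's GITHUB_TOKEN.
VULNERABLE = """\
name: comment-bot
on:
  issue_comment:
    types: [created]
jobs:
  reply:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          echo "Comment was: ${{ github.event.comment.body }}"
          ./scripts/handle-comment.sh
"""

# Constructed sample: the same step with the value passed through an
# environment variable (shell quoting applies, no script rewriting) and the
# token scoped to read-only by default.
HARDENED = """\
name: comment-bot
on:
  issue_comment:
    types: [created]
permissions:
  contents: read
jobs:
  reply:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - env:
          COMMENT: ${{ github.event.comment.body }}
        run: |
          echo "Comment was: $COMMENT"
          ./scripts/handle-comment.sh
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        hits = find_injections(text)
        print(f"{name}: {len(hits)} finding(s)")
        for line_no, expr in hits:
            print(f"  line {line_no}: {expr}")
```

Running the module reports one finding at line 11 of the vulnerable workflow and none for the hardened one. The two changes in the hardened form address the two halves of the incident: passing the untrusted value via `env:` keeps it as data rather than script, and a top-level `permissions:` block limits what a leaked GITHUB_TOKEN can do (a read-only token cannot publish a release). Pointing the scanner at `.github/workflows/*.yml` across an organisation is a cheap way to find the same pattern before an outside contributor does.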