A widely used Python package has been compromised in a supply chain attack. The package, elementary-data, has over one million monthly downloads on Python Package Index, which makes the incident a serious concern for developers and companies relying on it.
Security researchers at StepSecurity reported that attackers successfully published a malicious version, 0.23.3, to PyPI. The same compromised version was also pushed as a container image on GitHub Container Registry, increasing the spread of the attack across different environments.
The attack did not rely on stolen credentials or direct access to the repository. Instead, the attackers exploited a weakness in the project’s GitHub Actions workflow. A malicious script was injected through a pull request comment. Due to improper validation, the automated workflow executed the script and used built-in access tokens to publish a verified release.
Once installed, the compromised package drops a hidden file that executes automatically when Python starts. This file is designed to steal sensitive information from the system. It targets cloud credentials, SSH keys, Git credentials, Kubernetes tokens, Docker configurations, environment files, and even cryptocurrency wallets. The collected data is then sent to a remote server controlled by the attackers.
The affected version is 0.23.3. Safe versions include 0.23.2 and 0.23.4. Users who installed the compromised version are advised to immediately rotate all credentials, API keys, and passwords.
Supply chain attacks like this have become increasingly common. Almost every week, there is a new report of a compromised open-source package or dependency. The reason is simple. Attackers do not need to break into individual systems. By compromising a single popular package, they can reach thousands of systems at once.
This incident shows several important security gaps. First, automation pipelines should never execute untrusted inputs, especially from public contributions. Second, access tokens used in CI/CD systems should have strict limits instead of broad permissions. Third, dependency updates should be verified and not blindly trusted.
For developers and businesses, this is a reminder to take supply chain security seriously. Dependencies should be pinned to known safe versions. CI pipelines should be reviewed for security risks. Access keys should be rotated regularly and stored securely. Multi-factor authentication should be enabled across all critical systems.
