Top open source PyPI package with over 1 million downloads each month hacked to send out malware

News
By published

This was not a case of stolen credentials, experts say

GitHub Webpage
(Image credit: Gil C / Shutterstock)
  • A widely used PyPI package was recently compromised through a malicious update
  • The attack leveraged a GitHub Actions workflow to push infostealer code into a release
  • Maintainers quickly issued a clean version, rotated credentials, and began an external investigation

A popular Python Package Index (PyPI) package has been compromised and used to deliver malware to its users, experts have warned.

A user recently warned maintainers of the Elementary package that the newest version, 0.23.3, contained “malicious base64 encoded code”. The maintainers soon responded, confirming the news, releasing a clean update (0.23.4), and notifying other users.

The elementary-data package is an open source data observability tool for Data Build Tool (dbt). It is used mostly by data engineers and analytics engineers working with data pipelines, and apparently, it is rather popular in the dbt ecosystem, with more than a million monthly downloads on PyPI.

Article continues below

Deploying an infostealer

“An attacker opened a PR with malicious code and exploited a script-injection vulnerability in one of our GitHub Actions workflows to publish it as release 0.23.3,” the maintainers explained. “Users who ran 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed.”

It was also confirmed that Elementary Cloud and the Elementary dbt package were not affected, and neither were other versions of the CLI.

The malicious code acted as an infostealer, grabbing SSH keys, Git credentials, cloud credentials, various secrets (Kubernetes, Docker, CI), cryptocurrency wallet files, system data, and .env files and developer tokens.

The maintainers added that the payload also reached the project’s Docker image since the release package workflow that uploads to PyPi also pushes to Docker.

Besides releasing a clean version, the Elementary team also rotated the PyPI publish token, GitHub token, Docker registry credentials, and other secrets. The vulnerable GitHub Action workflow was also removed, while other workflows were thoroughly audited.

Wiz was also brought in to investigate and fortify Elementary’s defenses. So far, no one has claimed responsibility for the attack.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.