WeSearch

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

Tags: pypi, malware, supply chain attack, github actions, data security

TL;DR (AI summary)

A popular open source PyPI package, elementary-data, was compromised via a malicious update that distributed malware capable of stealing sensitive credentials. The attack exploited a script-injection vulnerability in a GitHub Actions workflow, not stolen credentials, and affected version 0.23.3 and its associated Docker image. Maintainers quickly released a clean version, rotated all relevant secrets, and initiated an external investigation with Wiz. Users who ran the compromised version are advised to assume that credentials accessible to the environment it ran in may have been exposed.

Original article: TechRadar · https://www.techradar.com/author/sead-fadilpai

Full article excerpt

News · By Sead Fadilpašić · published 28 April 2026

This was not a case of stolen credentials, experts say

- A widely used PyPI package was recently compromised through a malicious update
- The attack leveraged a GitHub Actions workflow to push infostealer code into a release
- Maintainers quickly issued a clean version, rotated credentials, and began an external investigation

A popular Python Package Index (PyPI) package has been compromised and used to deliver malware to its users, experts have warned.

A user recently warned maintainers of the Elementary package that the newest version, 0.23.3, contained “malicious base64 encoded code”. The maintainers soon responded, confirming the news, releasing a clean update (0.23.4), and notifying other users.

The elementary-data package is an open source data observability tool for Data Build Tool (dbt). It is used mostly by data engineers and analytics engineers working with data pipelines, and apparently it is rather popular in the dbt ecosystem, with more than a million monthly downloads on PyPI.

Deploying an infostealer

“An attacker opened a PR with malicious code and exploited a script-injection vulnerability in one of our GitHub Actions workflows to publish it as release 0.23.3,” the maintainers explained. “Users who ran 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed.”

It was also confirmed that Elementary Cloud and the Elementary dbt package were not affected, and neither were other versions of the CLI.

The malicious code acted as an infostealer, grabbing SSH keys, Git credentials, cloud credentials, various secrets (Kubernetes, Docker, CI), cryptocurrency wallet files, system data, .env files and developer tokens.

The maintainers added that the payload also reached the project’s Docker image, since the release workflow that uploads to PyPI also pushes to Docker.
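The script-injection class the maintainers describe is, in the common case, a workflow that interpolates an attacker-controlled pull-request field (title, body, branch name) directly into a shell `run:` step, so the contributor's text becomes part of the command. The following added scanner is not the Elementary project's code and the two workflows are constructed assumptions (the article does not show the real workflow or which field was injected); it flags such interpolations and shows the GitHub-documented mitigation of passing the value through an `env:` variable, which the shell then treats as data rather than code.

```python
import re

# Constructed sample workflows (assumptions for illustration; the article does
# not show the Elementary project's real workflow or which field was injected).
VULNERABLE_WORKFLOW = """\
on: [pull_request_target]
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Building ${{ github.event.pull_request.title }}"
          python -m build && twine upload dist/*
"""

HARDENED_WORKFLOW = """\
on: [pull_request_target]
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Building $PR_TITLE"
          python -m build && twine upload dist/*
"""

# Expression sources an external contributor controls (non-exhaustive list).
UNTRUSTED = re.compile(
    r"\$\{\{\s*github\.(?:event\.(?:pull_request|issue|comment|review)\.[\w.]+"
    r"|head_ref)\s*\}\}"
)

def find_script_injection(workflow_text: str) -> list[tuple[int, str]]:
    """Return (line_number, expression) for each untrusted expression inside a
    `run:` step, whether written inline or inside a `|`/`>` block scalar."""
    findings, in_run, run_indent = [], False, 0
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if in_run:
            if stripped and indent <= run_indent:
                in_run = False            # dedent ends the block scalar
            else:
                findings += [(lineno, e.group(0)) for e in UNTRUSTED.finditer(line)]
                continue
        m = re.match(r"(?:-\s+)?run:\s*(.*)$", stripped)
        if m and m.group(1).rstrip() in ("|", ">", "|-", ">-"):
            in_run, run_indent = True, indent     # block scalar starts here
        elif m:
            findings += [(lineno, e.group(0)) for e in UNTRUSTED.finditer(m.group(1))]
    return findings
```

Run it over a checkout's `.github/workflows/*.yml` in CI to fail the build on any finding; the hardened form above produces none because the untrusted value only ever reaches the shell as an environment variable.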
