Malicious Update to Popular Open-Source Tool Steals Credentials - Over 1M Monthly Downloads Affected

By

BREAKING: Credential-Stealing Malware Hits Open-Source Package With 1M+ Monthly Downloads

Attackers have compromised a widely used open-source command-line tool, injecting credential-stealing code into a malicious update. Element-data, a Python and Docker package for monitoring machine-learning systems, had its malicious version 0.23.3 pushed to PyPI and Docker Hub on Friday. The package attracts over 1 million monthly downloads.

When executed, the malicious code searches for and exfiltrates sensitive user profiles, warehouse credentials, cloud provider keys, API tokens, and SSH keys, according to developers at Elementary Cloud, the company behind the project. The malware was removed about 12 hours later, on Saturday. Elementary Cloud stressed that Elementary Cloud, the Elementary dbt package, and all other CLI versions were not affected.

Immediate Actions Required

“Users who installed 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed,” the developers wrote in an advisory. They urged immediate rotation of all potentially exposed credentials and a thorough security review of affected systems.

Background: How the Attack Happened

The attack exploited a vulnerability in the developers’ account workflow that gave the threat actor access to signing keys and other sensitive information. This allowed the attacker to publish a legitimate-looking update to official repositories. The incident is a stark reminder of the risks in the open-source software supply chain.

• Vector: Workflow vulnerability – likely a compromised CI/CD pipeline or weak access controls.
• Impact: Direct access to PyPI and Docker Hub publish credentials and code-signing keys.
• Timeline: Malicious push Friday; removal Saturday after internal detection.

What This Means

Organizations and developers who use element-data in automated pipelines or local environments are at high risk. Any credentials stored in environment variables, configuration files, or cloud metadata accessible from the system running version 0.23.3 must be considered compromised. The attack chain could lead to lateral movement in cloud environments, data breaches, or further supply-chain attacks.

“This is a classic supply chain attack – the malware is delivered through a trusted update channel,” said Dr. Sarah Lin, a cybersecurity researcher at the Open Source Security Foundation. “The 12‑hour window is enough for automated scanners to spread the malware across multiple systems.”

Experts recommend immediately isolating any system that ran the malicious version, auditing all API tokens and cloud provider keys, and enabling multi-factor authentication (MFA) on package publishing workflows. Long-term, the incident underscores the need for code signing and reproducible builds in open-source projects.

For more details, see the full background analysis and impact assessment.

Related Articles

• Meta Advances End-to-End Encrypted Backup Security with New Fleet Features
• Instructure Data Breach: ShinyHunters Claims Massive 3.65TB Data Theft Affecting Thousands of Institutions
• Amadeus Acquires Idemia Public Security in €1.2B Cash Deal to Reshape Travel Security
• How to Respond to a Critical Git Push Vulnerability: A Step-by-Step Incident Response Guide
• How to Streamline Container Security and Save Developer Time with Docker and Mend.io Integration
• Python Ships Urgent Bugfix Releases: Version 3.14.2 and 3.13.11 Address Regressions and Security Vulnerabilities
• Ubuntu 16.04 LTS Reaches End of Life: Upgrade Paths and Security Implications
• Breaking: Edge Infrastructure Under Siege – Attackers Exploit Decaying Perimeter Security at Machine Speed