POPULAR PYTHON PACKAGE HACKED TO STEAL DATA

The elementary-data Python package on PyPI was compromised in a supply chain attack that exposed thousands of developers to information-stealing malware. The package, widely used in development environments, received the malicious update without immediate detection. The infostealer payload targeted sensitive data including API keys, authentication tokens, cryptocurrency wallet information, and other credentials stored on compromised systems. With 1.1 million monthly downloads, elementary-data ranks among the most frequently installed packages on PyPI, making it an attractive target for attackers seeking broad distribution of malware. Detection and Response Security researchers identified the compromised version and reported the issue to PyPI maintainers. The malicious package was removed from the repository, but the damage window remained open long enough for the malware to reach an unknown number of installations. Developers who installed the affected version during the window of compromise should assume their systems may be infected. Recommended actions include rotating all credentials, reviewing account activity for unauthorized access, and checking cryptocurrency wallets for suspicious transactions. Supply Chain Implications The incident underscores the vulnerability of package repositories to account takeover attacks. With millions of developers relying on PyPI for dependencies, compromised packages can rapidly propagate malware across the development ecosystem. PyPI has implemented additional security measures including two-factor authentication requirements and API token security features, but attackers continue to target maintenance accounts with phishing and credential stuffing attacks. Timeline The exact window during which the malicious version was available remains unclear. Users should check their installation history for elementary-data versions from the compromise period and update to a verified clean release immediately. Developers are advised to enable notifications for package updates and maintain strict dependency auditing practices to catch similar supply chain compromises early.