elementary-data Python Library Compromised with Infostealer
A supply chain attack targeted the popular Python library elementary-data, which boasts over 1.1 million monthly downloads. An attacker successfully published a malicious version, 0.23.3, which includes an infostealer. This compromise exposes any projects relying on that specific version to credential theft and other data exfiltration risks.
According to Cyber News - Erez Dasa, a corrected version, 0.23.4, has already been released. The swift response matters, but the window of exposure for developers and organizations that resolve dependencies automatically or haven't rebuilt since the malicious release is significant: any build that ran in that window may have pulled 0.23.3 without anyone noticing. The incident highlights the persistent risk in open-source supply chains.
Defenders must assume compromise if they were using elementary-data version 0.23.3. The attacker's calculus here is clear: target high-volume dependencies to maximize reach with minimal effort. An infostealer in a developer library runs wherever that library is imported, on developer workstations and in CI/CD runners alike, which makes it a direct path to internal systems and the credentials those environments hold.
What This Means For You
- If your development pipelines or applications use the `elementary-data` Python library, immediately check for version 0.23.3 in your dependencies, including lockfiles, transitive dependencies, and the packages actually installed in CI/CD runners and container images, not just the version declared in your manifests. Upgrade to version 0.23.4 or later without delay. Any system that ran code using the malicious version should be treated as compromised: initiate incident response procedures, revoke API keys, and rotate every credential that was reachable from those environments.
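The check described above, as an added example that is not part of the original article and not code from the elementary-data project: it audits a pip-style requirements manifest for the trojaned pin and for open specifiers that pip could have resolved to 0.23.3 during the exposure window, and it checks the interpreter's own environment via `importlib.metadata`, since what was installed matters more than what was declared. The version numbers come from the article; the requirement syntax assumed is standard pip/PEP 508, and the sample manifest is constructed for the example.

```python
"""Audit for the compromised elementary-data 0.23.3 release.

Added example, not the article's or the project's own code. Assumes pip/PEP 508
requirement syntax and the versions reported in the article (0.23.3 malicious,
0.23.4 first fixed release).
"""
import re
from importlib import metadata

PACKAGE = "elementary-data"      # PEP 503 normalised project name
MALICIOUS = (0, 23, 3)           # release the article reports as trojaned
FIXED = (0, 23, 4)               # first corrected release per the article

# name, optional [extras], then everything up to an environment marker (;)
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)"
    r"(?:\[[^\]]*\])?\s*(?P<spec>[^;]*)"
)


def _norm(name: str) -> str:
    """PEP 503 normalisation so Elementary_Data and elementary-data compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _ver(text: str) -> tuple:
    """Leading numeric components of a version string: '0.23.3' -> (0, 23, 3)."""
    out = []
    for part in text.strip().split("."):
        m = re.match(r"\d+", part)
        if not m:
            break
        out.append(int(m.group()))
    return tuple(out)


def classify_requirement(line: str):
    """Classify one requirements.txt / constraints line.

    Returns None if the line is not an elementary-data requirement, otherwise:
      'malicious' - pinned to exactly 0.23.3
      'fixed'     - specifier excludes 0.23.3 (pinned/bounded to 0.23.4+, or !=0.23.3)
      'older'     - pinned to a release before 0.23.3
      'range'     - open specifier that pip may have resolved to 0.23.3 during the
                    exposure window; check the lockfile or the installed version
    """
    body = line.split("#", 1)[0].strip()
    if not body or body.startswith("-"):   # blank line, comment, or pip option (-r, -e, --index-url)
        return None
    m = _REQ_RE.match(body)
    if not m or _norm(m.group("name")) != PACKAGE:
        return None
    clauses = [c for c in m.group("spec").replace(" ", "").split(",") if c]
    for c in clauses:                                   # exact pins decide outright
        if c.startswith("==") and not c.endswith(".*"):
            v = _ver(c[2:])
            if v == MALICIOUS:
                return "malicious"
            return "fixed" if v >= FIXED else "older"
    for c in clauses:                                   # bounds that rule 0.23.3 out
        if c.startswith(">=") or c.startswith("~="):
            if _ver(c[2:]) >= FIXED:
                return "fixed"
        elif c.startswith("!=") and _ver(c[2:]) == MALICIOUS:
            return "fixed"
        elif c.startswith(">") and _ver(c[1:]) >= MALICIOUS:
            return "fixed"
    return "range"


def audit_requirements(text: str):
    """Return [(requirement, status)] for every elementary-data line in a manifest."""
    findings = []
    for line in text.splitlines():
        status = classify_requirement(line)
        if status is not None:
            findings.append((line.split("#", 1)[0].strip(), status))
    return findings


def installed_status() -> str:
    """What this interpreter actually has installed, independent of any manifest."""
    try:
        v = _ver(metadata.version(PACKAGE))
    except metadata.PackageNotFoundError:
        return "not-installed"
    if v == MALICIOUS:
        return "malicious"
    return "fixed" if v >= FIXED else "older"


# Constructed sample manifest for this example, not a real project file.
SAMPLE_REQUIREMENTS = """\
requests>=2.31
elementary-data==0.23.3        # the trojaned release
Elementary_Data >= 0.23.4      # bounded at the fix: safe
elementary-data~=0.23.0        # open range: pip may have picked 0.23.3
elementary-data==0.23.2        # older pin, unaffected
-r other.txt
"""

if __name__ == "__main__":
    for req, status in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{status:10} {req}")
    print("installed:", installed_status())
```

Run it against every requirements and constraints file in the repository and, separately, inside each CI image and developer virtualenv that builds the project; a 'range' result is not a clean bill of health, it means the lockfile or `pip freeze` output has to be checked for what was actually resolved.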