

Malicious PyPI package elementary-data 0.23.3 backdoored via GitHub Actions workflow injection

1 unique source, 1 article

Summary


An attacker injected malicious code into the elementary-data PyPI package (version 0.23.3, 1.1M monthly downloads) to distribute an infostealer targeting developer credentials and cryptocurrency wallets. The compromise stemmed from a GitHub Actions script injection flaw exploited via a malicious comment in a pull request, which triggered workflow execution under the project’s GITHUB_TOKEN. This enabled the attacker to forge a signed commit and tag (v0.23.3), triggering the legitimate release pipeline to publish the backdoored package to PyPI and a malicious Docker image to GitHub Container Registry. The infostealer, delivered via elementary.pth, targeted SSH keys, Git credentials, cloud provider secrets, Kubernetes/Docker/CI secrets, .env files, developer tokens, cryptocurrency wallet files (Bitcoin, Litecoin, Dogecoin, Zcash, Dash, Monero, Ripple), system data, and logs. Exposure occurred through unpinned version installations and Docker image pulls (tags 0.23.3 and :latest).

Timeline

  1. 27.04.2026 18:17 · 1 article

    Backdoored elementary-data 0.23.3 released after GitHub Actions workflow injection exploit

    An attacker exploited a GitHub Actions script injection flaw via a malicious pull request comment to execute attacker-controlled code in the project’s workflow. This exposed the GITHUB_TOKEN, enabling the attacker to forge a signed commit (v0.23.3) and trigger the release pipeline, publishing elementary-data 0.23.3 to PyPI and a malicious Docker image to GitHub Container Registry. The malicious release included elementary.pth, an infostealer targeting developer credentials, cloud secrets, CI/Kubernetes configurations, and cryptocurrency wallet files. The payload was also present in the Docker image due to the project’s release workflow.


Information Snippets

  • The elementary-data package (PyPI, 1.1M monthly downloads) was compromised via a malicious 0.23.3 release that included an infostealer payload.

    First reported: 27.04.2026 18:17
    1 source, 1 article
  • The attack vector was a GitHub Actions script injection flaw, triggered by a malicious comment on a pull request that executed attacker-controlled shell code in the project’s workflow.

    First reported: 27.04.2026 18:17
    1 source, 1 article
  • The injected code exposed the workflow’s GITHUB_TOKEN, enabling the attacker to forge a signed commit (v0.23.3) and trigger the legitimate release pipeline, publishing the backdoored package to PyPI and a malicious Docker image to GitHub Container Registry.

    First reported: 27.04.2026 18:17
    1 source, 1 article
  • The malicious payload, delivered via elementary.pth, executed automatically whenever the Python interpreter started and targeted SSH keys, Git credentials, cloud credentials (AWS/GCP/Azure), Kubernetes, Docker, and CI secrets, .env files, developer tokens, cryptocurrency wallet files (Bitcoin, Litecoin, Dogecoin, Zcash, Dash, Monero, Ripple), system data (/etc/passwd, logs, shell history), and other sensitive files.

    First reported: 27.04.2026 18:17
    1 source, 1 article
  • The same payload was present in the project’s Docker image (tags ghcr.io/elementary-data/elementary:0.23.3 and :latest) due to a build-and-push-docker-image job in the release workflow.

    First reported: 27.04.2026 18:17
    1 source, 1 article
  • Users who installed elementary-data==0.23.3 or pulled the Docker image with tags 0.23.3 or :latest without pinned versions are potentially compromised and should rotate all secrets and restore environments from a known safe state.

    First reported: 27.04.2026 18:17
    1 source, 1 article
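As an added illustration of the attack vector described in the snippets above (example code written for this page, not taken from its source or from the elementary project): a small Python check that flags `${{ }}` expressions referencing contributor-controlled context inside `run:` steps, the pattern that lets a pull-request comment become shell code in a workflow. The two workflow fragments are constructed samples, and the list of untrusted contexts is an assumption that is illustrative rather than exhaustive.

```python
import re

# Expression contexts an outside contributor can set (assumed, illustrative list; not exhaustive).
UNTRUSTED = re.compile(
    r"github\.(event\.(comment\.body|issue\.(title|body)|review\.body"
    r"|pull_request\.(title|body|head\.(ref|label)))|head_ref)"
)
EXPR = re.compile(r"\$\{\{\s*(?P<ctx>[^}]*?)\s*\}\}")
RUN_KEY = re.compile(r"(?:-\s+)?run:\s*(?P<rest>.*)$")

def find_run_injections(workflow_yaml: str) -> list:
    """Return (line, context) for untrusted ${{ }} expressions inside `run:` scripts.
    Expressions in `run:` are expanded into the shell script before it executes, so the
    text becomes code; the same expression moved into `env:` is passed as data."""
    findings, in_run, run_indent = [], False, -1
    for lineno, raw in enumerate(workflow_yaml.splitlines(), 1):
        text = raw.lstrip()
        indent = len(raw) - len(text)
        m = RUN_KEY.match(text)
        if m:                       # start of a run: step (inline command or block scalar)
            in_run, run_indent, text = True, indent, m.group("rest")
        elif not (in_run and (text == "" or indent > run_indent)):
            in_run = False          # back at the step's own keys or at the next step
            continue
        for e in EXPR.finditer(text):
            if UNTRUSTED.fullmatch(e.group("ctx")):
                findings.append((lineno, e.group("ctx")))
    return findings

# Constructed sample: the vulnerable shape, where a comment body lands in the shell script.
VULNERABLE = """\
on:
  issue_comment:
    types: [created]
jobs:
  handle:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Parse command
        run: |
          echo "Comment: ${{ github.event.comment.body }}"
"""
# Same step, hardened: the value is read through an environment variable instead.
HARDENED = VULNERABLE.replace(
    'run: |\n          echo "Comment: ${{ github.event.comment.body }}"',
    'env:\n          COMMENT: ${{ github.event.comment.body }}\n'
    '        run: |\n          echo "Comment: $COMMENT"',
)
```

Running find_run_injections over VULNERABLE returns [(11, 'github.event.comment.body')], while the HARDENED variant returns an empty list.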