Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary advises an immediate update.

An attacker uploaded a manipulated version 0.23.3 of the Python data monitoring tool, elementary-data, to PyPI. The fake release steals credentials such as SSH keys, AWS credentials, API tokens, and wallet files for various cryptocurrencies.

The provider Elementary has since removed the compromised package, but it was able to cause damage for nearly half a day. The manipulated version was uploaded to PyPI on April 25th at 0:20 AM CEST, followed by a compromised Docker image that found its way into the GitHub Container Registry at 0:24 AM. A little over 11 hours later, on April 25th at 11:45 AM, the Elementary team removed the malicious files and replaced them with a clean version; other versions of the CLI tool were not affected by this incident.

The provider has since also published an advisory on the incident. Download figures from pypistats.org make the open-source CLI one of the most widely used monitoring and diagnostic tools for dbt-based data platforms, so a successful attack had a correspondingly high chance of harvesting valuable secrets. The attacker exploited a script injection vulnerability in one of elementary-data's GitHub Actions workflows to execute their code within the pipeline. Using the automatically provided GITHUB_TOKEN, they then triggered the release workflow.

They had introduced a pull request with malicious code for this purpose but did not need to merge it or directly modify the master branch. The malicious code is located in the elementary.pth file, found in the package's site-packages directory, and targets a wide range of sensitive data: SSH keys, AWS cloud credentials, and secrets for Docker and Kubernetes. Wallet files for cryptocurrencies such as Bitcoin, Litecoin, Dogecoin, and Ethereum are also among the targets.

The stolen data was compiled into the file trin.tar.gz and exfiltrated to a remote address. Users should update to elementary-data==0.23.4. In addition, the team recommends deleting cache files and searching for the malware's marker file on all potentially affected systems: on macOS and Linux, it is located under /tmp/.trinny-security-update, and on Windows under %TEMP%\.trinny-security-update. If the file is present, the malware was active on the respective system.
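The two detection points above (a .pth file in site-packages that runs code at interpreter start-up, and the marker file) can be checked with a small audit script. This is an added example, not code from Elementary or from the article; the list of suspicious tokens in .pth import lines is an assumption for this example, and the sample .pth contents are constructed.

```python
from __future__ import annotations

import os
import re
import site
import sys
import tempfile
from pathlib import Path

# CPython's site module executes every .pth line that begins with "import" (followed by a
# space or tab) at start-up, before any user code runs; that hook is what the malicious
# elementary.pth relied on. Legitimate .pth files also use it (editable installs,
# setuptools' distutils-precedence.pth), so the heuristic keys on payload-style tokens
# rather than on the mere presence of an import line. Token list is an assumption.
EXEC_LINE = re.compile(r"^import[ \t]")
SUSPICIOUS = re.compile(
    r"exec\(|eval\(|compile\(|base64|zlib|marshal|subprocess|urllib|socket|tarfile", re.I)

def suspicious_pth_lines(pth_text: str) -> list[str]:
    """Executable .pth lines that also match the suspicious-token heuristic."""
    return [line.rstrip() for line in pth_text.splitlines()
            if EXEC_LINE.match(line) and SUSPICIOUS.search(line)]

def scan_pth_texts(texts: dict[str, str]) -> dict[str, list[str]]:
    """Pure core of the scan: {pth name: content} -> {pth name: suspicious lines}, hits only."""
    return {name: hits for name, hits in
            ((n, suspicious_pth_lines(t)) for n, t in texts.items()) if hits}

def scan_site_packages(dirs: list[str] | None = None) -> dict[str, list[str]]:
    """Read every .pth in the given (default: this interpreter's) site-packages dirs."""
    if dirs is None:
        dirs = list(getattr(site, "getsitepackages", lambda: [])()) + [site.getusersitepackages()]
    texts = {str(p): p.read_text(errors="replace")
             for d in dirs for p in Path(d).glob("*.pth") if p.is_file()}
    return scan_pth_texts(texts)

def marker_path() -> Path:
    """Marker file named in the advisory; its presence means the malware ran on this host."""
    if sys.platform == "win32":
        return Path(os.environ.get("TEMP", tempfile.gettempdir())) / ".trinny-security-update"
    return Path("/tmp/.trinny-security-update")

def marker_present(path: str | os.PathLike | None = None) -> bool:
    return (Path(path) if path is not None else marker_path()).exists()

# Constructed sample .pth contents for exercising the heuristic; the real payload is not reproduced.
BENIGN_PTH = "/srv/venv/src/mypkg\nimport _mypkg_editable_finder\n"
SUSPECT_PTH = "import base64,sys;exec(base64.b64decode('<encoded payload>'))\n"

if __name__ == "__main__":
    print("suspicious .pth lines:", scan_site_packages() or "none")
    print("marker file present:", marker_present())
```

Run it inside every virtual environment that ever had elementary-data installed; a clean result from one interpreter says nothing about the others on the same host.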

In parallel, the Elementary team has rotated the PyPI publish token, the GitHub token, and the Docker registry credentials, removed the vulnerable GitHub Actions workflow, and checked all remaining workflows.
