Open source package with 1 million monthly downloads stole user credentials
Malicious v0.23.3 scraped SSH keys, API tokens, and cloud credentials.
On Friday, unknown attackers exploited a vulnerability in a GitHub Actions workflow to compromise the element-data CLI, an open-source tool with over 1 million monthly downloads that is used for monitoring ML system performance. The attackers submitted a pull request carrying malicious code that caused the workflow to run a bash script with the privileges of the project's own account, retrieving its signing keys and publishing tokens. With those, they published version 0.23.3 of element-data to PyPI and Docker Hub, a release that appeared nearly identical to the legitimate versions.
When executed, the malicious package systematically searched the host for sensitive data, including user profiles, warehouse credentials, cloud provider keys, API tokens, SSH keys, and the contents of .env files. The package was removed about 12 hours later, after a third-party report. Element developers have rotated all compromised credentials, fixed the GitHub Actions vulnerability, and audited all of their other workflows. They urge users to check for the marker file at /tmp/.trinny-security-update (Linux/Mac) or %TEMP%\.trinny-security-update (Windows); if it is present, treat every credential reachable from that environment as exposed and rotate it.
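A triage script for the check the developers describe, added here as an example and not part of the element project's own tooling. It tests the two indicators the advisory gives, the Linux/Mac marker file and an installed element-data 0.23.3, and assumes the package is installed with pip under the name element-data (an assumption; the page does not say how users install it). The marker path can be overridden through ELEMENT_MARKER for testing; the Windows path is not handled by this POSIX script.

```shell
#!/bin/sh
# Added example, not the element project's own code. Checks the two
# indicators named in the advisory: the marker file the malicious release
# leaves behind, and whether the malicious element-data version is installed.
# Assumptions: element-data is installed with pip and reports its version via
# "pip show"; the marker path can be overridden for testing via ELEMENT_MARKER.

MARKER="${ELEMENT_MARKER:-/tmp/.trinny-security-update}"
AFFECTED_VERSION="0.23.3"

# marker_present PATH -> exit 0 if the marker file exists, 1 otherwise
marker_present() {
    [ -e "$1" ]
}

# version_affected VERSION -> exit 0 if VERSION is the malicious release
version_affected() {
    [ "$1" = "$AFFECTED_VERSION" ]
}

# installed_version -> prints the installed element-data version, or nothing
# if pip is absent or the package is not installed
installed_version() {
    pip show element-data 2>/dev/null | awk -F': ' '/^Version:/ {print $2}'
}

# triage MARKER_PATH VERSION -> exit 0 when neither indicator fires,
# 1 when either does (and prints what to do about it)
triage() {
    hit=0
    if marker_present "$1"; then
        echo "COMPROMISE INDICATOR: marker file $1 exists"
        hit=1
    fi
    if version_affected "$2"; then
        echo "COMPROMISE INDICATOR: element-data $2 is the malicious release"
        hit=1
    fi
    if [ "$hit" -eq 1 ]; then
        echo "Rotate every credential reachable from this host:"
        echo "  SSH keys, cloud provider keys, API tokens, warehouse credentials, .env contents"
    else
        echo "No indicator found (marker $1 absent, installed version '${2:-none}')"
    fi
    return "$hit"
}

# Stand-alone run: real marker path, whatever pip reports.
main() {
    triage "$MARKER" "$(installed_version)"
}

main "$@"
```

Run it on each developer machine and CI runner that could have pulled the package during the 12-hour window; a non-zero exit means the host needs its credentials rotated. Absence of the marker file does not prove the package never ran on a host where /tmp is cleared at reboot, so the installed-version check is the second indicator.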
- Threat actors exploited a GitHub Actions vulnerability to steal signing keys and publish malicious v0.23.3
- Malicious package scraped SSH keys, API tokens, cloud provider keys, and warehouse credentials
- Package removed after 12 hours; users must check for marker file and rotate all exposed credentials
Why It Matters
Supply-chain attacks on popular packages can expose critical infrastructure credentials across thousands of organizations at once: a single malicious release is pulled automatically by every downstream developer machine and CI pipeline that installs the latest version, and the credentials it collects there reach far beyond the compromised project itself.