
PyPI Package elementary-data Compromised to Distribute Infostealer Malware
Tags: Security, PyPI, supply-chain-attack, malware, infostealer, Python, open-source, cryptocurrency, data-exfiltration
The elementary-data package on the Python Package Index (PyPI) was compromised, and a malicious version was used to distribute an infostealer targeting developers. The package had over 1.1 million monthly downloads before the attack. The malware was designed to exfiltrate sensitive data, including cryptocurrency wallet credentials, from infected systems. The report did not disclose a specific threat actor, a CVE ID, or the exact date of the compromise. The attack highlights the risks of supply chain compromises in open-source repositories. The impacted package was identified and removed from PyPI following the discovery.