
Malicious elementary-data Python Package Exploits GitHub Actions to Steal Cloud Credentials
Tags: Supply Chain Security, Credential Theft, Package Managers, Cloud Security, GitHub Actions, PyPI, Python, Backdoor, Data Engineering, Script Injection
Attackers exploited a GitHub Actions script injection vulnerability to publish a malicious version (v0.23.3) of the elementary-data Python CLI package on PyPI. The compromised release contained a credential-stealing backdoor targeting dbt profiles, cloud provider keys, and SSH secrets from data engineering environments. No specific dates, CVE IDs, or victim counts were disclosed in the report. The attack focused on exfiltrating sensitive credentials used in cloud and development workflows. The malicious package was distributed via the official PyPI repository, posing a supply chain risk to users installing the affected version.
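
To check exposure to the release named above, the following added example (not part of the original report) scans requirements.txt-style text for an exact pin of elementary-data 0.23.3 and checks the local environment. The sample input is constructed, the function names are illustrative, and only `==` pins are matched.

```python
import re
from importlib import metadata

AFFECTED_NAME = "elementary-data"  # package name as given in the report
AFFECTED_VERSION = "0.23.3"        # malicious release as given in the report


def normalize(name: str) -> str:
    """PEP 503 name normalization: runs of '-', '_' and '.' become one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()


# name, optional [extras], then an exact "==" pin; stops before markers/comments
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*v?([^\s;#\\,]+)"
)


def find_affected_pins(text: str) -> list:
    """Return 1-based line numbers that pin the affected release exactly."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PIN_RE.match(line)
        if not m:
            continue  # comments, options (--hash=...), ranges, blank lines
        if normalize(m.group(1)) == AFFECTED_NAME and m.group(2) == AFFECTED_VERSION:
            hits.append(lineno)
    return hits


def installed_is_affected() -> bool:
    """True if the current Python environment has the affected version installed."""
    try:
        return metadata.version(AFFECTED_NAME) == AFFECTED_VERSION
    except metadata.PackageNotFoundError:
        return False


# Constructed sample: spelling variants, extras, a safe pin and a commented-out pin
SAMPLE = """dbt-core==1.7.0
Elementary_Data[snowflake]==0.23.3 ; python_version >= "3.9"
elementary-data==0.23.2
# elementary-data==0.23.3
elementary.data == 0.23.3  # pinned by CI
"""

if __name__ == "__main__":
    print("affected pins on lines:", find_affected_pins(SAMPLE))
    print("installed version affected:", installed_is_affected())
```

Range specifiers such as `>=0.23` are not flagged because they do not say which version was actually resolved; run the check against `pip freeze` output or a fully pinned lock file for that.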