Open source package with 1M monthly downloads stole user credentials

An open source package downloaded over 1 million times each month was hijacked after attackers found a way to exploit a flaw in the developers’ account workflow. The breach allowed the threat actor to steal signing keys and other critical credentials.

On Friday, unknown attackers leveraged this vulnerability to release a tampered version of element-data, a command-line tool used to monitor performance and detect anomalies in machine-learning systems. Once executed, the malicious package began scanning environments for sensitive information, including user profiles, warehouse credentials, cloud provider keys, API tokens, and SSH keys, according to the developers. The rogue version, tagged 0.23.3, was uploaded to the developers’ Python Package Index and Docker image accounts. It was removed roughly 12 hours later, on Saturday. The Elementary Cloud platform, the Elementary dbt package, and all other CLI versions remained unaffected.

Assume compromise

“Users who installed 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed,” the developers warned.

The attacker gained access by exploiting a vulnerability in a GitHub action the developers had created. By injecting malicious code into a pull request, the threat actor triggered a bash script that executed within the developer’s account. That script then retrieved the sensitive data. Armed with account tokens and signing keys, the attacker published a malicious version of element-data that was nearly identical to the legitimate one.

The developers learned about the breach from a third-party issue report. Within three hours, the malicious package was taken down. Element developers said they also rotated all credentials the malicious code had accessed. They have since patched the vulnerability and audited all other GitHub actions to ensure none contain the same flaw.