SECURITYBLEEPING COMPUTER
PyPI package with 1.1M monthly downloads hacked to push infostealer
A malicious version of the 'elementary-data' Python package on PyPI was pushed by an attacker to steal sensitive developer data and cryptocurrency wallets. The package, with 1.1 million monthly downloads, was compromised to distribute an infostealer.
Mentioned