Skip to content
The Nexus
SECURITYApr 27 · 15:17 UTCBLEEPING COMPUTERBill Toulas

PyPI package with 1.1M monthly downloads hacked to push infostealer

A malicious version of the 'elementary-data' Python package on PyPI was pushed by an attacker to steal sensitive developer data and cryptocurrency wallets. The package, with 1.1 million monthly downloads, was compromised to distribute an infostealer.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this