Dossier
sensitive developer data
Coverage of sensitive developer data in the Nexus archive.
- PyPI package with 1.1M monthly downloads hacked to push infostealer
A malicious version of the 'elementary-data' Python package on PyPI was pushed by an attacker to steal sensitive developer data and cryptocurrency wallets. The package, with 1.1 million monthly downloads, was compromised to distribute an infostealer.