T1195.001 Compromise Software Dependencies and Development Tools
93%
“Malicious release of elementary-data PyPI package steals cloud credentials from data engineers. April 27, 2026. A Python package on PyPI called elementary-data, with over…”
T1195.001 Compromise Software Dependencies and Development Tools
92%
“v1.82.8 compromise. It is more persistent and harder to detect than embedding malicious code in __init__.py because it does not require the victim to import the poisoned package; installing it is sufficient. Inside the payload: what the malware did. The embedded code in el…”
T1041 Exfiltration Over C2 Channel
83%
“.pgpass, ~/.my.cnf, API tokens in environment variables. Cryptocurrency wallet files (Bitcoin, Litecoin, Dogecoin, Zcash, Dash, Monero, Ripple, Ethereum, Cardano, Solana validator keypairs). System files: /etc/passwd, /etc/shadow, shell history files, /var/log/a…”
T1195.001 Compromise Software Dependencies and Development Tools
64%
“later. This attack vector has appeared repeatedly in the PyPI ecosystem. The Ultralytics supply chain attack in December 2024 used the same pull_request_target injection pattern to steal credentials and publish four malicious versions. The LiteLLM compromise in early 2026 too…”
T1195.002 Compromise Software Supply Chain
40%
“cryptocurrency miner), the LiteLLM attack (early 2026, poisoned Trivy action, credential stealer with persistent backdoor), and the Cline / Clinejection incident (AI-assisted prompt injection into Actions, stolen tokens). The pattern is not novel. The tooling to exploit it…”
T1204.005 Malicious Library
38%
“later. This attack vector has appeared repeatedly in the PyPI ecosystem. The Ultralytics supply chain attack in December 2024 used the same pull_request_target injection pattern to steal credentials and publish four malicious versions. The LiteLLM compromise in early 2026 too…”
T1059.006 Python
35%
“later. This attack vector has appeared repeatedly in the PyPI ecosystem. The Ultralytics supply chain attack in December 2024 used the same pull_request_target injection pattern to steal credentials and publish four malicious versions. The LiteLLM compromise in early 2026 too…”
T1195.001 Compromise Software Dependencies and Development Tools
34%
“. Anyone to whom the following applies should assume the malware has executed and that their credentials have been exfiltrated: ran pip install elementary-data or upgraded during that window, used a Docker image pulled from the elementary-data registry between April 24, 22:…”
Summary
Attackers exploited a GitHub Actions script injection vulnerability to publish a malicious version of the elementary-data Python CLI (v0.23.3), embedding a credential-stealing backdoor that targeted dbt profiles, cloud provider keys, and SSH secrets from data engineering environments.
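The summary names the root cause as a GitHub Actions script injection, and the excerpts above tie it to the pull_request_target injection pattern also seen in the Ultralytics case: a workflow that runs with the base repository's secrets interpolates a pull-request-controlled expression (title, body, branch name) straight into a run: step, so a crafted PR field becomes shell. The scanner below is an added example and is not code from the original article or from the elementary-data project; it flags that pattern in workflow text. The two workflows it ships with are constructed illustrations of the vulnerable shape and its hardened form (the value passed through env: and read as "$PR_TITLE"), not the project's real workflow, and the list of untrusted contexts is a subset of the inputs GitHub documents as attacker-controlled.

```python
"""Find pull-request-controlled expressions interpolated into `run:` steps of a
GitHub Actions workflow, and report whether the workflow is triggered by
pull_request_target (which runs with repository secrets and a write token).

Added example; not code from the original article or the elementary-data
project. Both sample workflows are constructed.
"""
import re
import sys
from dataclasses import dataclass

# Pull-request-controlled expression contexts (subset of GitHub's documented
# untrusted inputs; extend the alternation as needed).
UNTRUSTED_CONTEXT = re.compile(
    r"\$\{\{\s*("
    r"github\.event\.pull_request\.(?:title|body|head\.(?:ref|label)"
    r"|head\.repo\.(?:description|homepage|default_branch))"
    r"|github\.event\.(?:issue|comment|review|review_comment)\.(?:title|body)"
    r"|github\.head_ref"
    r")\s*\}\}"
)

# A `run:` key, optionally as a list item, with an inline value or a block
# scalar indicator (| or >).
RUN_KEY = re.compile(r"^(?P<prefix>\s*(?:-\s+)?)run:\s*(?P<value>.*)$")


@dataclass
class Finding:
    line: int          # 1-based line of the `run:` key
    expression: str    # the untrusted expression found in the script
    privileged: bool   # True when the workflow is triggered by pull_request_target


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def extract_run_scripts(workflow: str) -> list:
    """Return (line_number, script_text) for every `run:` step."""
    lines = workflow.splitlines()
    scripts, i = [], 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent = len(m.group("prefix"))
        value = m.group("value").strip()
        if value and value[0] not in "|>":
            scripts.append((i + 1, value))          # inline form: run: echo ...
            i += 1
            continue
        body, j = [], i + 1                          # block scalar: run: |
        while j < len(lines) and (not lines[j].strip() or _indent(lines[j]) > key_indent):
            body.append(lines[j].strip())
            j += 1
        scripts.append((i + 1, "\n".join(body)))
        i = j
    return scripts


def uses_pull_request_target(workflow: str) -> bool:
    """True if the trigger section (text before `jobs:`) lists pull_request_target."""
    trigger_section = re.split(r"^jobs:", workflow, maxsplit=1, flags=re.M)[0]
    return re.search(r"\bpull_request_target\b", trigger_section) is not None


def scan_workflow(workflow: str) -> list:
    """Report every untrusted expression that sits inside a run: script."""
    privileged = uses_pull_request_target(workflow)
    return [
        Finding(line_no, m.group(0), privileged)
        for line_no, script in extract_run_scripts(workflow)
        for m in UNTRUSTED_CONTEXT.finditer(script)
    ]


# Constructed sample, vulnerable shape: a PR titled  x"; env #  closes the
# quote and runs `env` with GH_TOKEN in scope, under the base repo's secrets.
VULNERABLE = """\
on:
  pull_request_target:
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Label by title
        run: |
          echo "Title: ${{ github.event.pull_request.title }}"
          ./scripts/label.sh
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
"""

# Constructed sample, hardened shape: the title reaches the shell as an
# environment variable, so it is data rather than script text.
HARDENED = """\
on:
  pull_request_target:
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Label by title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "Title: $PR_TITLE"
          ./scripts/label.sh
"""

if __name__ == "__main__":
    # Usage: python scan_workflow.py .github/workflows/*.yml  (no args: scan the samples)
    paths = sys.argv[1:]
    sources = [(p, open(p, encoding="utf-8").read()) for p in paths] or [("VULNERABLE", VULNERABLE), ("HARDENED", HARDENED)]
    for name, text in sources:
        findings = scan_workflow(text)
        print(f"{name}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f.line}: {f.expression} (pull_request_target={f.privileged})")
```

Run without arguments it reports one finding on line 8 of the vulnerable sample and none for the hardened one. The scanner is line-based rather than a YAML parser, so it handles the common `run: |` and inline forms but not every YAML construct; treat it as a triage aid, and remember that an injection in a plain `pull_request` workflow is still a bug even though fork PRs get no secrets there.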