HalftoneBalanced · AI Synthesis

Malicious Open-Source Package Stole User Credentials

An open-source package with over a million monthly downloads was compromised, leading to the theft of user credentials and sensitive data.

AI-Synthesized · April 28, 2026 · 1 min read

An open-source software package downloaded more than one million times a month was compromised after a threat actor exploited a vulnerability in the maintainers' GitHub Actions workflow. The exploit gave the attacker access to the project's account tokens, signing keys and other sensitive information.

On Friday, the attackers used that access to publish a malicious release of element-data, a command-line interface that helps users monitor machine-learning systems. The compromised version, 0.23.3, was pushed to the Python Package Index (PyPI) and to the project's Docker image repository. It was taken down roughly twelve hours later, on Saturday.

When executed, the malicious package searched the host for sensitive data: user profiles, data-warehouse credentials, cloud provider keys, application programming interface (API) tokens and Secure Shell (SSH) keys. The maintainers said that anyone who installed this version should assume those credentials may have been exposed and should rotate them. Elementary Cloud, the Elementary dbt package and other versions of the command-line interface were not affected.

The attackers gained that access through a vulnerability in one of the project's GitHub Actions workflows. By including malicious code in a pull request, they were able to run a bash script in the context of the maintainers' account, with the workflow's secrets in scope. The script exfiltrated account tokens and signing keys, which the attackers then used to publish the malicious element-data release.
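The page does not publish the exact workflow flaw, only that pull-request code ended up running with the project's tokens and signing keys reachable. The script below is an added example, not the project's code or its real CI configuration: a heuristic, line-based audit (no PyYAML needed) for the workflow shapes that commonly produce that outcome, namely a privileged trigger (pull_request_target, workflow_run, issue_comment) combined with a checkout of the pull-request head or with PR text spliced into a run: step, while secrets are referenced in the same file. The two workflow files, the rule names and the detail strings are constructed for illustration; the hardened variant shows the conventional fix of testing PRs under the unprivileged pull_request trigger and passing untrusted text through an environment variable.

```python
"""Heuristic (line-based, no PyYAML) audit of GitHub Actions workflows for PR code running with repository secrets."""
import re
from dataclasses import dataclass

# Triggers that grant a privileged token and secrets even for fork pull requests.
PRIVILEGED_TRIGGERS = ("pull_request_target", "workflow_run", "issue_comment")
# Checkout of the PR head inside such a job: every later step executes attacker code.
PR_HEAD_CHECKOUT_RE = re.compile(
    r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\s*\}\}")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
# Attacker-controlled PR/comment fields that must never be spliced into a shell.
UNTRUSTED_EXPR_RE = re.compile(
    r"\$\{\{\s*github\.event\.(?:pull_request\.(?:title|body|head\.(?:ref|label))"
    r"|comment\.body|issue\.(?:title|body))\s*\}\}")
RUN_BLOCK_RE = re.compile(r"^(\s*)(?:-\s*)?run:\s*[|>]")  # start of a multi-line script

@dataclass(frozen=True)
class Finding:
    rule: str
    line: int  # 1-based line in the workflow; 0 for whole-file findings
    detail: str

def _privileged_triggers(text: str) -> list[str]:
    """Privileged triggers named in the `on:` section (everything before `jobs:`)."""
    header = re.split(r"^jobs:\s*$", text, maxsplit=1, flags=re.M)[0]
    return [t for t in PRIVILEGED_TRIGGERS if re.search(rf"\b{t}\b", header)]

def audit_workflow(text: str) -> list[Finding]:
    findings: list[Finding] = []
    privileged = _privileged_triggers(text)
    secrets_used = sorted({m.group(1) for m in SECRET_RE.finditer(text)})
    run_indent = None  # indentation of the `run: |` block we are inside, if any
    for no, line in enumerate(text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        if run_indent is not None and line.strip() and indent <= run_indent:
            run_indent = None  # dedented past the run key: the script block ended
        if m := RUN_BLOCK_RE.match(line):
            run_indent = len(m.group(1))
        in_run = run_indent is not None or re.search(r"\brun:", line) is not None
        if privileged and PR_HEAD_CHECKOUT_RE.search(line):
            findings.append(Finding("pr-head-checkout-in-privileged-job", no,
                f"checks out the PR head under {', '.join(privileged)}; later steps "
                "(install, build, test) run attacker-controlled code with secrets in scope"))
        if in_run and UNTRUSTED_EXPR_RE.search(line):
            findings.append(Finding("untrusted-expression-in-run", no,
                "PR/comment text interpolated into a shell step (script injection); "
                "pass it through an env: variable instead"))
    if privileged and secrets_used:
        findings.append(Finding("secrets-reachable-from-pr", 0,
            f"{', '.join(privileged)} exposes {', '.join(secrets_used)} to a workflow "
            "a fork PR can trigger; test PRs in an unprivileged pull_request job"))
    return findings

# Constructed sample workflows (hypothetical, not the project's real CI).
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: |
          pip install -e .
          pytest
      - name: Announce
        run: echo "Testing ${{ github.event.pull_request.title }}"
      - name: Publish preview
        env:
          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
        run: ./scripts/publish_preview.sh
"""

HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # merge commit; fork PRs get no secrets here
      - run: |
          pip install -e .
          pytest
      - name: Announce
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Testing $PR_TITLE"
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        for f in audit_workflow(wf):
            print(f"{label}: line {f.line:>2} {f.rule}: {f.detail}")
```

Run it against the `.github/workflows/*.yml` files of any repository you publish packages from; the vulnerable sample yields three findings (the PR-head checkout, the title injected into a shell step, and PYPI_TOKEN being reachable from a fork-triggered workflow) and the hardened sample yields none. Being regex-based, it will miss flaws hidden behind reusable workflows or composite actions, so treat a clean result as a first pass, not a clearance.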

The maintainers learned of the compromise from a third-party issue report and removed the package within three hours of that report. All credentials accessed by the malicious code were rotated, the vulnerable workflow was fixed, and the project's other GitHub Actions workflows were audited. Supply-chain attacks against open-source package repositories have become steadily more frequent over the past decade.
