An open source package with 1 million monthly downloads has stolen user credentials



The package maintainers urge everyone who has installed version 0.23.3 to take the following steps immediately:

1. Check your installed version:

pip show elementary-data | grep Version

2. If the version is 0.23.3, remove it and install the fixed release:

pip uninstall elementary-data

pip install elementary-data==0.23.4

Explicitly pin elementary-data==0.23.4 in your requirements and lock files so the compromised release cannot be resolved again.

3. Clear your pip and build caches so a locally cached copy of the malicious wheel cannot be reinstalled.

4. Check for the malware's marker file on any machine that ran the CLI. If the file exists, the payload executed on that machine:

macOS / Linux: /tmp/.trinny-security-update

Windows: %TEMP%\.trinny-security-update

5. Rotate every credential that was reachable from the environment running 0.23.3: dbt profiles, repository credentials, cloud provider keys, API tokens, SSH keys, and the contents of any .env files. CI/CD runners are particularly exposed because they typically have a broad set of secrets injected at runtime.

6. Ask your security team to hunt for unauthorized use of the exposed credentials. The relevant IOCs are listed below this post.
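The six steps above can be scripted for fleet-wide triage. The following POSIX shell helper is an added example written for this page, not a tool published by the Elementary maintainers; it assumes pip is on PATH, uses the marker path and version numbers from the advisory, and the function names are mine. It separates the read-only checks (installed version, marker file, requirements pin) from the one function that actually changes the machine.

```shell
#!/bin/sh
# Triage helper for the elementary-data 0.23.3 compromise (added example, not the
# maintainers' own tooling). Assumes: pip on PATH; marker path and versions as
# published in the advisory. Function names are hypothetical.

PKG="elementary-data"
BAD_VERSION="0.23.3"
FIXED_VERSION="0.23.4"
MARKER_UNIX="/tmp/.trinny-security-update"   # Windows: %TEMP%\.trinny-security-update

# installed_version PKG: print the installed version, or nothing if absent.
installed_version() {
    pip show "$1" 2>/dev/null | sed -n 's/^Version: //p'
}

# is_affected_version VER: exit 0 only for the exact compromised release.
is_affected_version() {
    [ "$1" = "$BAD_VERSION" ]
}

# marker_present [PATH]: exit 0 if the malware marker file exists.
marker_present() {
    [ -f "${1:-$MARKER_UNIX}" ]
}

# requirement_pinned_fixed FILE: exit 0 if the requirements/lock file contains an
# exact pin to the fixed version (name matched with '-' or '_', any case;
# trailing markers/comments allowed).
requirement_pinned_fixed() {
    fixed_re=$(printf '%s\n' "$FIXED_VERSION" | sed 's/[.]/\\./g')
    grep -Eiq "^[[:space:]]*elementary[-_]data[[:space:]]*==[[:space:]]*${fixed_re}([[:space:]]|;|#|$)" "$1"
}

# triage VER MARKER_PATH: print a verdict and return
#   0 = not affected
#   1 = compromised version installed, marker absent (remove and pin)
#   2 = marker present: payload ran, treat every reachable credential as stolen
triage() {
    ver="$1"
    marker="$2"
    if marker_present "$marker"; then
        echo "COMPROMISED: $marker exists; payload executed. Rotate all credentials."
        return 2
    fi
    if is_affected_version "$ver"; then
        echo "AFFECTED: $PKG $ver is installed. Uninstall and pin $FIXED_VERSION."
        return 1
    fi
    echo "OK: $PKG version '${ver:-not installed}' is not the compromised release."
    return 0
}

# remediate: steps 2 and 3 of the advisory (modifies the environment).
remediate() {
    pip uninstall -y "$PKG" &&
    pip install "$PKG==$FIXED_VERSION" &&
    pip cache purge
}

# Usage on a live machine (read-only):
#   triage "$(installed_version "$PKG")" "$MARKER_UNIX"; echo "exit=$?"
#   requirement_pinned_fixed requirements.txt && echo "pin OK"
# Then, if the exit code was 1 or 2:  remediate
```

Run the read-only `triage` across every host and runner first; an exit code of 2 means the credential-rotation step applies to that machine regardless of what version is installed now, since an attacker may already have the secrets even after the package is removed.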

Supply chain attacks on open source repositories have become increasingly common over the past decade. In some cases they have produced a chain of compromises: the malicious package breaches the developers who install it, and the credentials taken from them are in turn used to breach those developers' environments.

HD Moore, a hacker with more than four decades of experience and the founder and CEO of runZero, said that user-created repository workflows such as GitHub Actions are notorious for harboring vulnerabilities.

This is “a major problem for open source projects with an open repo,” he said. “It’s really hard not to create dangerous workflows that can be accidentally exploited by an attacker with a pull request.”

He said this package can be used to check for vulnerabilities such as


