elementary-data PyPI package publishes credential stealer

Summary

If you installed elementary-data==0.23.3, the malware activated on every Python startup before your code ran, exfiltrating all accessible credentials (AWS, GCP, Azure, Snowflake, Kubernetes, SSH) regardless of whether you explicitly imported the package. This affects data engineers running the CLI against connected warehouses and any developer machine where the package was installed.

Why it matters

If you installed elementary-data==0.23.3, the malware activated on every Python startup before your code ran, exfiltrating all accessible credentials (AWS, GCP, Azure, Snowflake, Kubernetes, SSH) regardless of whether you explicitly imported the package. This affects data engineers running the CLI against connected warehouses and any developer machine where the package was installed.

Sources

1. 1.elementary-data is a dbt-native data observability CLI tool used by data and analytics engineers to monitor pipeline health, detect anomalies, and track test failures across data warehouses like Snowflake, BigQuery, Redshift, and Databricks
2. 2.over 1.1 million per month
3. 3.The vulnerable run: block directly interpolated ${{ github.event.comment.body }} into a shell script before bash parsing occurred
4. 4.Any line in a .pth file that begins with import is executed as Python code at interpreter startup, before your own code runs
5. 5.Installing it is sufficient
6. 6.the decoded payload: Harvested credentials and secrets across the filesystem, targeting a broad set of material: dbt profiles (~/.dbt/profiles.yml) and data warehouse credentials (Snowflake, BigQuery, Redshift, Databricks). Cloud provider credentials: AWS ~/.aws/credentials plus live role credentials fetched from the IMDSv2 metadata endpoint
7. 7.Left a marker file at $TMPDIR/.trinny-security-update (Linux/macOS) or %TEMP%\.trinny-security-update (Windows), indicating the malware executed at least once