Malware4 min read
PyPI Package With 1.1M Downloads Hijacked to Push Infostealer
Attackers compromised elementary-data version 0.23.3 on PyPI, pushing malicious code to 1.1 million monthly users. The infection extended to Docker images via automated workflows.
James RiveraMay 4, 2026