An attacker pushed a malicious version of the popular elementary-data package to the Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets.
The dangerous release is 0.23.3, and it also reached the project's Docker image, because the package's build workflow creates the image from the released code and uploads it to a container registry for deployment.
Community member crisperik spotted the malicious upload and opened an issue on the project’s GitHub on Saturday, alerting the maintainer and decreasing the exposure window.
