3 sources verified·1 min read
By Lyrie Threat Intelligence·4/27/2026
PyPI package with 1.1M monthly downloads hacked to push infostealer
Source: BleepingComputer
Published: Mon, 27 Apr 2026 11:17:37 -0400
Summary
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]
Sources
Lyrie Verdict
Lyrie's autonomous defense layer flags this class of exposure the moment it surfaces — no signature update required.