The developers are urging all developers who installed version 0.23.3 to take the following steps immediately:
1. Check your installed version:

       pip show elementary-data | grep Version

2. If the version is 0.23.3, uninstall it and replace it with the safe version:

       pip uninstall elementary-data
       pip install elementary-data==0.23.4

   In your requirements and lockfiles, pin explicitly to elementary-data==0.23.4.
3. Delete your cache files to avoid any artifacts.
4. Check for the malware's marker file on any machine where the CLI may have run. If this file is present, the payload executed on that machine:
   macOS / Linux: /tmp/.trinny-security-update
   Windows: %TEMP%.trinny-security-update
5. Rotate any credentials that were accessible from the environment.
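
`pip show` only inspects the currently active environment, so the sketch below extends steps 1 and 4 to every virtual environment under a directory. It is an added example, not code from the elementary-data developers or the original article; the function names are hypothetical, and the Windows marker is assumed to sit inside the %TEMP% directory.

```python
import os
import re
import sys
from pathlib import Path

PACKAGE = "elementary-data"
BAD_VERSION = "0.23.3"                    # compromised release named in the steps above
MARKER_NAME = ".trinny-security-update"   # marker file name from step 4


def find_installs(root):
    """Return [(version, dist_info_dir)] for every elementary-data install under root."""
    hits = []
    for meta in Path(root).rglob("METADATA"):
        if not meta.parent.name.endswith(".dist-info"):
            continue
        fields = {}
        for line in meta.read_text(encoding="utf-8", errors="replace").splitlines():
            if not line.strip():
                break  # metadata headers end at the first blank line
            key, sep, value = line.partition(":")
            if sep:
                fields.setdefault(key.strip().lower(), value.strip())
        # PEP 503 name normalization: "-", "_" and "." are interchangeable
        name = re.sub(r"[-_.]+", "-", fields.get("name", "")).lower()
        if name == PACKAGE:
            hits.append((fields.get("version", "unknown"), meta.parent))
    return hits


def find_markers(dirs):
    """Return the marker file paths that exist in the given temp directories."""
    return [Path(d) / MARKER_NAME for d in dirs if (Path(d) / MARKER_NAME).is_file()]


def default_temp_dirs(env=os.environ):
    # Assumption: on Windows the marker sits inside the %TEMP% directory.
    if os.name == "nt":
        return [env["TEMP"]] if env.get("TEMP") else []
    return ["/tmp"]


if __name__ == "__main__":
    roots = sys.argv[1:] or [sys.prefix]  # pass home or project directories to widen the scan
    installs = [hit for root in roots for hit in find_installs(root)]
    for version, path in installs:
        print("COMPROMISED" if version == BAD_VERSION else "ok", version, path)
    markers = find_markers(default_temp_dirs())
    for marker in markers:
        print("MARKER FOUND:", marker)
    sys.exit(1 if markers or any(v == BAD_VERSION for v, _ in installs) else 0)
```

Run it with one or more directories as arguments (for example a home directory or a CI workspace); a non-zero exit status means a 0.23.3 install or the marker file was found.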
→ Continue reading at Ars Technica
