Malicious PyPi packages turn Discord into password-stealing malware

Python developers are under attack once again, with attackers looking to steal Discord account details along with data stored in various br...

Python developers are under attack once again, with attackers looking to steal Discord account details along with data stored in various browsers

Cybersecurity researchers from Snyk have recently spotted a dozen malicious packages, uploaded to PyPi, the biggest Python code repository out there, with more than 600,000 active users. 

The packages were uploaded almost a month ago, by a threat actor called “scarycoder”. They claim to provide the users with various functionalities, Roblox tools, thread management, and others. Instead, the researchers have found, all the packages do is steal sensitive information.

Stealing passwords 

Different packages are capable of stealing different things. Some are focused on data stored in browsers such as Google Chrome, Chromium, Microsoft Edge, Firefox, and Opera. The data includes stored passwords, browser history, cookies, and search history. Others are installing backdoors directly into the Discord client, stealing authentication tokens, Nitro status, billing information, and credit card data.

One of the malicious programs attacks Roblox, it was further said, stealing account cookies, user IDs, Robux balance, and Premium status. 

PyPi’s administrators are relatively slow to respond, the publication states, adding that it’s probably not due to negligence, but rather due to the fact that the entire project is run by a handful of volunteers who simply can’t keep up with a tidal wave of malware uploads. 

Still, the slow response means many of Python developers will remain exposed to various viruses, malware, and other forms of attacks.

Experts from Spectralops recently found 10 malicious packages on the PyPi platform. All of these were given names that are almost identical to the names of legitimate packages in order to dupe developers into downloading, and adopting, the tainted ones. The practice is called typosquatting, and it’s quite a common occurrence in the developer community.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/YQxrzPm
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3857,Business,150,Camera,1155,Earn $$$,2,Gadgets,1740,Games,926,GTA,1,Innovations,2,Mobile,1696,Paid Promotions,4,Promotions,4,Sports,1,Technology,7961,Trailers,796,Travel,37,Trending,3,Trendly News,24425,TrendlyNews,1,Video,5,XIAOMI,13,YouTube - 9to5Google,1,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Malicious PyPi packages turn Discord into password-stealing malware
Malicious PyPi packages turn Discord into password-stealing malware
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/08/malicious-pypi-packages-turn-discord.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/08/malicious-pypi-packages-turn-discord.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy