Malicious PyPI Package Impersonates Discord Tool to Steal Tokens
A malicious package named ‘pycord-self’ has been discovered on the Python Package Index (PyPI). It is designed to deceive Discord developers by mimicking the legitimate ‘discord.py-self’ package. The package, which has been downloaded 885 times since it was added in June 2022, steals Discord authentication tokens and establishes a backdoor for remote access to victims’ systems. It operates stealthily, allowing attackers to hijack accounts and maintain persistent access, even bypassing two-factor authentication. Security experts advise developers to verify package sources and scrutinize code before installing, to reduce the risk posed by such malicious packages.
