What's new

Malicious Python packages stole Discord tokens and credit card details

Mr.Smith

Amateur
Support Staff
Joined
Jun 19, 2021
Messages
92
Reaction score
4
Points
37
Malicious Python packages stole Discord tokens and credit card details

Two packages allowed a remote attacker to run malicious commands on the victim's device.


Operators of the official repository of Python Package Index (PyPI) components have removed eight libraries (pytagora, pytagora2, noblesse, genesisbot, are, suffer, noblesse2 and noblessev2) containing malicious code.

The malicious packages were detected by the JFrog cybersecurity team and were grouped into two categories based on their malicious operations. Two packages (pytagora and pytagora2) allowed a remote attacker to run malicious commands on the victim's device, forcing the infected system to connect to the attacker's IP address via TCP port 9009 and then execute any malicious Python code.

The other six packages (noblesse, genesisbot, are, suffer, noblesse2, and noblessev2) worked primarily to steal data. Once installed on a computer, they stole data, focusing on general system information, Discord tokens and user payment card information (stolen from installed browsers Google Chrome, Opera, Brave, etc.).

These eight libraries have been downloaded more than 30,000 times before being removed from the PyPI repository.
 
Top