Date: 2025-05-07
DevOps, Malware, Threat Intelligence

RAT-laced PyPI package sets sights on Discord developers

Discord bot developers have been targeted with "discordpydebug", a new malicious Python Package Index (PyPI) package that poses as a utility and contains a remote access trojan, The Hacker News reports.

Installation of the discordpydebug package, which has amassed 11,574 downloads since being uploaded in March 2022, triggers communication with an external server that issues commands enabling the compromise of credentials, tokens, and configuration files, as well as subsequent payload downloads, according to a report from the Socket Research Team. "While the code does not include mechanisms for persistence or privilege escalation, its simplicity makes it particularly effective," said Socket, which also noted that the package circumvents firewalls and security tools by using outbound HTTP polling. The findings come after Socket disclosed the proliferation of 45 library-impersonating npm packages that allow malicious script execution, data exfiltration, and persistence without being detected by security systems. All of the packages have been associated with a lone threat actor.

