DevOps, Malware, Threat Intelligence
RAT-laced PyPI package sets sights on Discord developers

Discord bot developers have been targeted with "discordpydebug," a malicious Python Package Index package that spoofs a debugging utility and carries a remote access trojan, The Hacker News reports. Installation of the package, which has amassed 11,574 downloads since being uploaded in March 2022, triggers communication with an external server that issues commands to harvest credentials, tokens, and configuration files and to download further payloads, according to a report from the Socket Research Team. "While the code does not include mechanisms for persistence or privilege escalation, its simplicity makes it particularly effective," said Socket, which also noted that the package evades firewalls and security tools by polling the server over outbound HTTP, traffic that perimeter controls typically allow, rather than waiting for inbound connections. The findings follow Socket's disclosure of 45 npm packages impersonating legitimate libraries that enable malicious script execution, data exfiltration, and persistence without detection by security systems. All of the packages have been attributed to a single threat actor.
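The outbound polling Socket describes is visible in proxy or egress logs as a client contacting the same host at near-fixed intervals. The following detector is an added example written for this page, not code from Socket, The Hacker News, or the malicious package; the log format, hostnames, client address and timestamps are constructed for illustration, and the thresholds (at least five contacts, coefficient of variation of the gaps at or below 0.15) are assumed starting points rather than published indicators.

```python
"""Beaconing detector over constructed proxy log lines (added example).

Flags (client, host) pairs contacted at near-regular intervals, the outbound
HTTP polling pattern attributed to the discordpydebug RAT. All hostnames,
addresses and timestamps below are constructed; nothing here is a real IOC.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed log lines in an assumed format:
# "<iso-timestamp> <client-ip> <method> <url> <status>"
SAMPLE_LOG = """\
2025-05-06T10:00:00 10.0.0.5 GET http://c2.example/poll 200
2025-05-06T10:00:01 10.0.0.5 GET http://cdn.example/lib.js 200
2025-05-06T10:00:30 10.0.0.5 GET http://c2.example/poll 200
2025-05-06T10:00:47 10.0.0.5 GET http://news.example/ 200
2025-05-06T10:01:00 10.0.0.5 GET http://c2.example/poll 200
2025-05-06T10:01:31 10.0.0.5 GET http://c2.example/poll 200
2025-05-06T10:01:35 10.0.0.5 GET http://cdn.example/app.css 200
2025-05-06T10:02:00 10.0.0.5 GET http://c2.example/poll 200
2025-05-06T10:02:30 10.0.0.5 GET http://c2.example/poll 200
2025-05-06T10:03:00 10.0.0.5 GET http://c2.example/poll 200
2025-05-06T10:05:10 10.0.0.5 GET http://cdn.example/lib.js 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")
HOST_RE = re.compile(r"^https?://([^/]+)")


def parse_lines(text):
    """Yield (timestamp, client, host) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, _method, url, _status = m.groups()
        h = HOST_RE.match(url)
        if not h:
            continue
        yield datetime.fromisoformat(ts), client, h.group(1)


def beacon_candidates(text, min_hits=5, max_cv=0.15):
    """Return {(client, host): (mean_gap_seconds, cv)} for periodic contact.

    cv is stdev/mean of the gaps between consecutive requests. A polling loop
    with a fixed sleep gives a cv near 0; human browsing is bursty, so its cv
    is far above the assumed 0.15 cutoff. min_hits avoids scoring one-off
    fetches. Thresholds are assumptions to tune per environment.
    """
    times = defaultdict(list)
    for ts, client, host in parse_lines(text):
        times[(client, host)].append(ts)
    found = {}
    for key, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.fmean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            found[key] = (round(mean, 1), round(cv, 3))
    return found


if __name__ == "__main__":
    for (client, host), (mean, cv) in beacon_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {host}: every ~{mean}s (cv={cv})")
```

On the constructed input only the `c2.example` host is flagged (seven contacts roughly 30 seconds apart); the CDN and news hosts are too infrequent or too irregular. Legitimate software also polls on a timer (update checkers, telemetry), so treat a hit as a triage lead to correlate with the process that opened the connection and the package inventory on that host, not as a verdict on its own.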