RAT-laced PyPI package sets sights on Discord developers

Discord bot developers have been targeted by "discordpydebug", a new malicious package on the Python Package Index (PyPI) that poses as a utility and carries a remote access trojan, The Hacker News reports.

Installing the discordpydebug package, which has amassed 11,574 downloads since being uploaded in March 2022, triggers communication with an external server that supplies commands enabling the compromise of credentials, tokens, and configuration files, as well as subsequent payload downloads, according to a report from the Socket Research Team. "While the code does not include mechanisms for persistence or privilege escalation, its simplicity makes it particularly effective," said Socket, which also noted that the package circumvents firewalls and security tools by using outbound HTTP polling.

The findings come after Socket disclosed the proliferation of 45 library-impersonating npm packages that allow malicious script execution, data exfiltration, and persistence without being detected by security systems. All of the packages have been associated with a lone threat actor.
