Python developers are under attack again: attackers aim to steal Discord account data along with data stored in various browsers.
Cybersecurity researchers at Snyk recently spotted a dozen malicious packages uploaded to PyPI, the largest Python code repository, with more than 600,000 active users.
The packages were uploaded almost a month ago by a threat actor called “scarycoder”. They claim to provide users with various functionality, Roblox tools, stream management and more. Instead, researchers found, all the packages do is steal sensitive information.
Theft of passwords
Different packages are able to steal different things. Some focus on data stored in browsers such as Google Chrome, Chromium, Microsoft Edge, Firefox and Opera. The data includes stored passwords, browser history, cookies and search history. Others install backdoors directly into the Discord client, stealing authentication tokens, Nitro status, payment information, and credit card data.
One of the malicious packages also attacks Roblox, stealing account cookies, user IDs, Robux balance and Premium status.
PyPI administrators are relatively slow to respond, the publication claims, adding that this is probably not due to negligence but because the entire project is run by a few volunteers who simply cannot keep up with the tidal wave of malware downloads.
However, the slow response means that many Python developers will remain vulnerable to various viruses, malware and other forms of attack.
Spectralops experts recently found 10 malicious packages on the PyPI platform. All of them were given names that almost match the names of legitimate packages in order to trick developers into downloading and accepting the corrupted packages. This practice is called typosquatting and is quite common in the development community.
Via: BleepingComputer
https://www.techradar.com/news/malicious-pypi-packages-turn-discord-into-password-stealing-malware/