Python developers are under attack again, with attackers looking to steal Discord account information, along with data stored in various browsers.
Cybersecurity researchers at Snyk recently discovered a dozen malicious packages uploaded to PyPI, the largest Python coding repository out there, with more than 600,000 active users.
The packages were uploaded almost a month ago by a threat actor called “scarycoder”. They claim to provide users with various functionalities, such as Roblox tools, thread management and others. Instead, the researchers found that all of the packages steal sensitive information.
Different packages can steal different things. Some target data stored in browsers such as Google Chrome, Chromium, Microsoft Edge, Firefox, and Opera. The data includes saved passwords, browser history, cookies and search history. Others install backdoors directly into the Discord client and steal authentication tokens, Nitro status, billing information, and credit card information.
One of the malicious programs attacks Roblox, according to the report, stealing account cookies, user IDs, Robux balance and Premium status.
PyPI’s administrators have been relatively slow to respond, the publication states, adding that this is likely not due to negligence, but rather to the entire project being run by a handful of volunteers who are facing a tidal wave of malware uploads.
Still, the slow response means that many Python developers are exposed to various viruses, malware and other forms of attack.
Spectralops experts recently found 10 malicious packages on the PyPI platform. All of these were given names that are almost identical to the names of legitimate packages, to trick developers into downloading and adopting the compromised packages. The practice is called typosquatting, and it is a common occurrence in the developer community.
Via: BleepingComputer