ch0k1 on Nostr: Malicious PyPi package steals Discord auth tokens from devs ...
Malicious PyPi package steals Discord auth tokens from devs
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-steals-discord-auth-tokens-from-devs/
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.
The package mimics the highly popular 'discord.py-self,' which has nearly 28 million downloads, and even offers the functionality of the legitimate project.
originally posted at https://stacker.news/items/854867
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-steals-discord-auth-tokens-from-devs/
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.
The package mimics the highly popular 'discord.py-self,' which has nearly 28 million downloads, and even offers the functionality of the legitimate project.
originally posted at https://stacker.news/items/854867