A malicious package named 'pycord-self' has been discovered on PyPI, designed to steal Discord authentication tokens and establish a backdoor for remote control of the victim's system. It mimics the legitimate 'discord.py-self' library, which lets developers interact with Discord's user API.
The malicious version, downloaded 885 times, steals Discord tokens and sends them to an external server, enabling attackers to hijack accounts even with two-factor authentication enabled. Additionally, it sets up a persistent backdoor by opening a connection to a remote server, allowing continuous access through a system shell.
Despite being flagged, the package was verified by PyPI and remains on the platform. Developers are urged to verify package sources carefully, review code for suspicious elements, and use scanning tools to detect potential threats.
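As an added example (not from the report or from either package), a small heuristic pre-install audit in the spirit of the advice above: it flags files in an unpacked sdist or wheel that combine shell execution with network access, or that do network activity at install time, the two behaviours the report describes. The file contents are constructed; note that a legitimate Discord client also posts a token to an API and trips the credential rule, so findings are prompts for manual review, not verdicts.

```python
# Heuristic categories of behaviour named in the report: spawning a shell,
# reaching a remote host, handling credential-like data, and hiding payloads.
# Plain substring matching keeps this runnable on any file, at the cost of noise.
INDICATORS = {
    "exec": ("subprocess.Popen", "subprocess.run", "os.system", "os.popen", "exec(", "eval("),
    "network": ("socket.socket", "socket.create_connection", "requests.post",
                "urllib.request", "http.client", "websocket"),
    # "token" is deliberately broad: any API client will match, hence a review prompt only.
    "credentials": ("token", "leveldb", "Local Storage", "localStorage"),
    "obfuscation": ("base64.b64decode", "marshal.loads", "codecs.decode", "zlib.decompress"),
}


def scan_source(text: str) -> set[str]:
    """Return the indicator categories present in one source file."""
    return {cat for cat, needles in INDICATORS.items() if any(n in text for n in needles)}


def audit_package(files: dict[str, str]) -> list[tuple[str, str]]:
    """files maps relative path -> source text of an unpacked package.
    Returns (path, reason) for every file worth a manual look before installing."""
    findings = []
    for path, text in files.items():
        hits = scan_source(text)
        summary = ", ".join(sorted(hits))
        # Install-time code has no business talking to the network or spawning shells.
        if path.endswith("setup.py") and hits & {"exec", "network"}:
            findings.append((path, f"install-time hook: {summary}"))
        elif {"exec", "network"} <= hits:
            findings.append((path, f"exec+network (possible remote shell): {summary}"))
        elif {"network", "credentials"} <= hits:
            findings.append((path, f"credential exfiltration pattern: {summary}"))
    return findings


# Constructed sample of an unpacked package; inert text, only the indicator
# names matter to the scanner.
SAMPLE_FILES = {
    "setup.py": "from setuptools import setup\nimport urllib.request  # downloads at install time\nsetup(name='example')\n",
    "pkg/__init__.py": "from .client import Client\n",
    "pkg/client.py": "import requests\n# a legitimate client also sends the user's token to the API\nrequests.post(url, json={'token': token})\n",
    "pkg/util.py": "import socket, subprocess, base64\n# socket.socket() paired with subprocess.Popen and base64.b64decode\n",
}

if __name__ == "__main__":
    for path, reason in audit_package(SAMPLE_FILES):
        print(f"{path}: {reason}")
```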