PyPI Python | Malicious Libraries

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks.

The Python packages have since been removed from the repository following responsible disclosure by DevOps firm JFrog —

    importantpackage / important-package
    pptest
    ipboards
    owlmoon
    DiscordSafety
    trrfab
    10Cent10 / 10Cent11
    yandex-yt
    yiffparty
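
Removal from PyPI does not uninstall copies already present in built environments or pinned in requirements files. The following check is an added example, not code from JFrog or from the original article: it matches the names listed above against a requirements file and the installed distributions, using PEP 503 name normalization so that spellings such as `Important_Package` or `yandex.yt` are still caught. The function names and the sample input are constructed for illustration.

```python
import re
from importlib import metadata

# Package names exactly as listed in the article above.
REMOVED_PACKAGES = [
    "importantpackage", "important-package", "pptest", "ipboards",
    "owlmoon", "DiscordSafety", "trrfab", "10Cent10", "10Cent11",
    "yandex-yt", "yiffparty",
]

def normalize(name):
    """PEP 503 normalization: lowercase; runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

BLOCKLIST = {normalize(n) for n in REMOVED_PACKAGES}

# A requirement line starts with the project name; extras, version
# specifiers and environment markers follow it.
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def flagged_requirements(text):
    """Return (line_number, line, normalized_name) for each listed package."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].strip()         # drop trailing comment
        if not line or line.startswith(("#", "-")):  # comments, pip options
            continue
        m = _NAME.match(line)
        if m and normalize(m.group(1)) in BLOCKLIST:
            hits.append((lineno, line, normalize(m.group(1))))
    return hits

def flagged_installed():
    """Return listed packages installed in the current environment."""
    names = {d.metadata["Name"] for d in metadata.distributions()}
    return sorted({normalize(n) for n in names if n} & BLOCKLIST)

# Constructed sample requirements file, not taken from any real project.
SAMPLE = """\
requests>=2.26
Important_Package==1.0  # pinned
discordsafety
yandex.yt[extra]>=0.1 ; python_version >= "3.6"
-r other.txt
owlmoon-utils
"""

if __name__ == "__main__":
    for lineno, line, name in flagged_requirements(SAMPLE):
        print(f"line {lineno}: {line!r} matches removed package {name!r}")
    print("installed:", flagged_installed())
```

Matching is on the exact normalized name, so `owlmoon-utils` in the sample is not flagged.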