Summary: A malicious package named ‘pycord-self’ has been discovered on the Python package index (PyPI), targeting Discord developers to steal authentication tokens and establish a backdoor for remote control. This package masquerades as the legitimate ‘discord.py-self’ library, which has a significant user base. The malicious code enables attackers to hijack accounts and maintain persistent access to victims’ systems.
Threat Actor: Unknown | unknown
Victim: Discord developers | Discord developers
Keypoints :
- The ‘pycord-self’ package has been downloaded 885 times and was added to PyPI in June 2022.
- It steals Discord authentication tokens, allowing attackers to hijack accounts without credentials.
- The package sets up a backdoor for continuous access, running stealthily in the background.