Summary: A malicious package named ‘pycord-self’ has been discovered on the Python package index (PyPI), targeting Discord developers to steal authentication tokens and establish a backdoor for remote control. This package masquerades as the legitimate ‘discord.py-self’ library, which has a significant user base. The malicious code enables attackers to hijack accounts and maintain persistent access to victims’ systems.

Threat Actor: Unknown | unknown
Victim: Discord developers | Discord developers

Keypoints :

• The ‘pycord-self’ package has been downloaded 885 times and was added to PyPI in June 2022.
• It steals Discord authentication tokens, allowing attackers to hijack accounts without credentials.
• The package sets up a backdoor for continuous access, running stealthily in the background.