Malicious Python Package Mimic as Attacking Discord Developers With Malicious Remote Commands

A seemingly innocent Python package has been unmasked as a sophisticated remote access trojan (RAT) targeting the Discord developer community. While presenting itself as a helpful debugging utility for developers working with the Discord.py library, the package contained malicious code designed to establish backdoor access to victims' systems.

Socket.dev Push researchers identified that the package operated as a fully functional remote access trojan, creating a covert command-and-control channel while maintaining a legitimate-looking façade. The researchers discovered that despite having no README documentation or detailed description, the package managed to accumulate over 11,000 downloads, placing thousands of developer systems at risk of unauthorized access and data exfiltration.

The package specifically targeted developers building or maintaining Discord bots, typically indie developers, automation engineers, or small teams who might install such tools without extensive security scrutiny. The social nature of Discord's developer community, where tips and code snippets are frequently shared through servers and direct messages, creates an environment where malicious packages can spread rapidly through trusted channels. By targeting Discord bot developers, the attackers gained potential access to Discord bot tokens, user data, and server information. The infected systems could be leveraged for lateral movement within networks or as staging grounds for more sophisticated attacks against Discord's wider user base.

The technical analysis of the malware reveals its sophisticated yet straightforward approach to maintaining persistent control. The malware's design allows it to bypass many firewalls and security monitoring tools through outbound HTTP polling rather than inbound connections.

Following identification, the malicious package was reported to PyPI's security team and subsequently removed, but the incident highlights the ongoing challenges in securing open source supply chains against increasingly sophisticated social engineering attacks.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 09 May 2025 17:40:16 +0000

