A malicious PyPI package named 'automslc' has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service.

Security firm Socket discovered the malicious package and found that it pirates music by hardcoding Deezer credentials to download media and scrape metadata from the platform.

The malicious package contains hardcoded Deezer account credentials to log in to the service, or uses those supplied by the user, to create an authenticated session with the service's API. Next, the script uses internal API calls to request full-length streaming URLs and retrieve the entire audio file, bypassing the 30-second preview Deezer allows for public access.

Even though piracy tools aren't commonly seen as malware, automslc uses command-and-control (C2) infrastructure for centralized control, potentially co-opting unsuspecting users into a distributed network. The C2-oriented operation suggests that the threat actor is actively monitoring and coordinating the piracy activity rather than simply providing a passive piracy tool, which raises the risk of introducing more malicious behaviors in future updates.

Deezer is a music streaming service available in 180 countries that offers access to over 90 million tracks, playlists, and podcasts. The automslc package can repeatedly request and download tracks without restriction, effectively allowing mass-scale piracy.

Bill Toulas

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 26 Feb 2025 17:00:31 +0000