Fake PyPi package attempts to steal Discord data from programmers

A new malware is on the loose, targeting Python programmers’ Discord accounts. It goes by the name pycord-self and has recently been discovered. This malicious package focuses on stealing login credentials from Discord users, who are likely to be mostly programmers. What’s interesting is that it tries to mimic the name of the well-known and legitimate package “discord.py-self,” which has a whopping 28 million downloads. However, pycord-self contains malicious code that infects programmers’ systems.

Once it gains access to victims’ Discord login credentials, this sneaky package can be used for spamming and other nefarious schemes. But that’s not all. It also installs a backdoor on infected systems, giving attackers remote control over them. Yikes!

According to Socket, a security company, pycord-self was unleashed on the internet back in June of last year and has been downloaded a staggering 885 times since then. Despite researchers alerting the PyPI platform, the package is still available for download. This is a concerning situation, to say the least.

As always, programmers are advised to be cautious about the packages they install on their systems. It’s crucial to verify the source and reputation of any package before hitting that install button. Avoiding low-reputation or unknown packages is a wise move. Additionally, using security tools can help prevent potential attacks.

It’s a reminder that even in the world of programming, where we strive for innovation and collaboration, there are those who seek to exploit and harm. Stay vigilant, fellow programmers, and keep your systems secure.