Cybersecurity researchers have uncovered a malicious Python package on PyPI that appears harmless but actually contains a remote access trojan (RAT). The package, discordpydebug, can execute commands, read/write files, and exfiltrate sensitive data, posing a security threat to developers and systems. (Affected: PyPI users and affected development environments)
Key points:
- The package discordpydebug was uploaded to PyPI in March 2022 and has over 11,500 downloads.
- It masquerades as a simple utility for Discord bot developers but contains a fully functional RAT.
- The RAT contacts an external server and can read/write files, run shell commands, and exfiltrate data.
- It uses outbound HTTP polling to bypass firewalls and security tools, increasing its effectiveness.
- Similar malicious packages have been found across multiple ecosystems, all linked to the same threat actor.
- The packages contain obfuscated code designed to evade detection and maintain persistence.
- This campaign highlights risks in software supply chain security and the importance of vetting open-source packages.
Read More: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html