Cybersecurity researchers have identified malicious Python packages on PyPI designed to validate stolen email addresses against TikTok and Instagram APIs, aiding threat actors in targeting accounts. These packages, now removed, facilitate reconnaissance and exploitation activities affecting PyPI, Instagram, and TikTok.
Key points
- Malicious Python packages on PyPI can verify whether an email is linked to TikTok or Instagram accounts.
- Threat actors use these tools for account validation, enabling spam, doxing, and credential stuffing attacks.
- Packages like “steinlurks” and “sinnercore” target multiple API endpoints to mimic legitimate app behavior and evade detection.
- Advanced backdoor techniques have been embedded in some packages, potentially linking to sophisticated hacking groups like Phoenix Hyena.
- Other malicious packages on npm and PyPI exploit chat and developer tools to exfiltrate sensitive data and credentials.
Read More: https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html