Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

Cybersecurity researchers have uncovered a malicious Python package on PyPI that appears harmless but actually contains a remote access trojan (RAT). The package, discordpydebug, can execute commands, read/write files, and exfiltrate sensitive data, posing a security threat to developers and systems. (Affected: PyPI users and development environments)

Key points:

  • The package discordpydebug was uploaded to PyPI in March 2022 and has over 11,500 downloads.
  • It masquerades as a simple utility for Discord bot developers but contains a fully functional RAT.
  • The RAT contacts an external server and can read/write files, run shell commands, and exfiltrate data.
  • It uses outbound HTTP polling to bypass firewalls and security tools, increasing its effectiveness.
  • Similar malicious packages have been found across multiple ecosystems, all linked to the same threat actor.
  • The packages contain obfuscated code designed to evade detection and maintain persistence.
  • This campaign highlights risks in software supply chain security and the importance of vetting open-source packages.
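The outbound HTTP polling noted above is also the RAT's most observable behaviour on the network: a process that contacts the same host at a near-constant interval. The detector below is an added example, not code from the article or from the researchers; it runs over constructed proxy log lines in an assumed "<epoch> <src_ip> <method> <host> <path>" layout and flags (source, host) pairs whose request gaps have very low jitter.

```python
"""Beaconing detector for outbound HTTP polling (added example).
The log lines and the c2.example.invalid host are constructed, and the
five-field log layout is an assumption, not a real proxy's format."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one host polled roughly every 60 s, plus ordinary
# package-index traffic at irregular intervals.
SAMPLE_LOG = """\
1700000000 10.0.0.5 GET c2.example.invalid /poll
1700000060 10.0.0.5 GET c2.example.invalid /poll
1700000120 10.0.0.5 GET c2.example.invalid /poll
1700000181 10.0.0.5 GET c2.example.invalid /poll
1700000240 10.0.0.5 GET c2.example.invalid /poll
1700000300 10.0.0.5 GET c2.example.invalid /poll
1700000012 10.0.0.5 GET pypi.org /simple/discord-py/
1700000398 10.0.0.5 GET pypi.org /simple/requests/
1700000910 10.0.0.5 GET pypi.org /simple/flask/
1700002500 10.0.0.5 GET pypi.org /simple/aiohttp/
"""


def parse_log(text):
    """Yield (timestamp, src, host) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, _method, host, _path = parts
        yield int(ts), src, host


def find_beacons(text, min_requests=5, max_jitter=0.10):
    """Return {(src, host): mean_interval_seconds} for pairs seen at least
    min_requests times whose inter-request gaps have a coefficient of
    variation (stdev / mean) below max_jitter, i.e. periodic polling."""
    times = defaultdict(list)
    for ts, src, host in parse_log(text):
        times[(src, host)].append(ts)
    beacons = {}
    for key, ts_list in times.items():
        if len(ts_list) < min_requests:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            beacons[key] = avg
    return beacons
```

Tune `min_requests` and `max_jitter` to the environment; legitimate pollers (update checkers, monitoring agents) will also match and need an allowlist.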

Read More: https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html