Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
Briefly

Cybersecurity researchers have found a malicious package on PyPI named discordpydebug, disguised as a harmless tool for Discord development. Released in March 2022, it has been downloaded over 11,000 times. This package functions as a remote access trojan, allowing attackers to read and write files, execute remote commands, and potentially exfiltrate sensitive data. Its unassuming nature and lack of updates make it particularly dangerous, as it can bypass many security measures. This finding is part of a broader trend of malicious packages targeting developers across various ecosystems.
At first glance, it appeared to be a simple utility aimed at developers working on Discord bots using the Discord.py library. However, the package concealed a fully functional remote access trojan (RAT).
While the code does not include mechanisms for persistence or privilege escalation, its simplicity makes it particularly effective. The use of outbound HTTP polling rather than inbound connections allows it to bypass most firewalls and security monitoring tools.
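Because the traffic is outbound, detection has to come from egress records rather than inbound filtering. The sketch below is an added example, not code from the researchers or from the package: it flags a host and process pair that contacts one destination at a near-constant interval. The log format, host names and thresholds are assumptions, and the sample log is constructed.

```python
# Added example: flag fixed-interval outbound HTTP polling in egress logs.
# Log format, host names and thresholds are assumptions, not from the article.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample proxy log: timestamp, source host, process, method, URL.
SAMPLE_LOG = """\
2025-05-01T10:00:00 dev-ws-7 python3 GET http://backend.example.invalid/poll
2025-05-01T10:00:30 dev-ws-7 python3 GET http://backend.example.invalid/poll
2025-05-01T10:01:01 dev-ws-7 python3 GET http://backend.example.invalid/poll
2025-05-01T10:01:30 dev-ws-7 python3 GET http://backend.example.invalid/poll
2025-05-01T10:02:00 dev-ws-7 python3 GET http://backend.example.invalid/poll
2025-05-01T10:02:30 dev-ws-7 python3 GET http://backend.example.invalid/poll
2025-05-01T10:00:05 dev-ws-7 firefox GET http://docs.example.invalid/index
2025-05-01T10:00:12 dev-ws-7 firefox GET http://docs.example.invalid/api
2025-05-01T10:03:40 dev-ws-7 firefox GET http://docs.example.invalid/faq
2025-05-01T10:04:01 dev-ws-7 firefox GET http://docs.example.invalid/ext
2025-05-01T10:09:30 dev-ws-7 firefox GET http://docs.example.invalid/bots
2025-05-01T10:10:00 truncated-line
"""

def parse(log_text):
    """Yield (timestamp, source, process, destination host) per log line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing on them
        ts, src, proc, _method, url = parts
        yield datetime.fromisoformat(ts), src, proc, urlsplit(url).hostname

def find_polling(log_text, min_requests=5, max_cv=0.1):
    """Return [(source, process, dest, mean_gap_s)] for near-periodic talkers."""
    seen = defaultdict(list)
    for ts, src, proc, dest in parse(log_text):
        seen[(src, proc, dest)].append(ts)
    hits = []
    for key, stamps in seen.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a small spread relative to the mean gap
        # indicates machine cadence rather than a person browsing.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((*key, round(avg, 1)))
    return sorted(hits)
```

Legitimate clients such as update checkers also poll on a schedule, so results need an allowlist of expected destinations before they are treated as alerts.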
Read at The Hacker News