
New malicious PyPI packages with info-stealers identified

Twelve malicious PyPI packages are converting the instant messaging platform Discord into an information-stealing backdoor that facilitates exfiltration of web browser- and Roblox-stored data, reports BleepingComputer. Snyk researchers discovered that the malicious packages, which impersonate thread management and hacking modules as well as Roblox tools, deploy password-stealing malware. One of the packages, dubbed "cyphers," was found to contain two malware executables. The first, named "ZYXMN.exe," allows the theft of browser-stored data, including browser and search histories, passwords, and cookies, while the other, named "ZYRBX.exe," enables the theft of Roblox data, including user IDs, account cookies, Robux balances, and account status. All of the malicious PyPI packages continue to be available in the open source package repository, according to Snyk. Meanwhile, a separate report from Kaspersky highlighted two other malicious PyPI packages, dubbed "pyquest" and "ultrarequests," which feature Discord client modification capabilities and info-stealing malware. These packages target cryptocurrency wallet, Steam, and Minecraft credentials.
