Twelve malicious PyPI packages turn the Discord instant-messaging client into an information-stealing backdoor that exfiltrates data stored by web browsers and Roblox, reports BleepingComputer.
Snyk researchers discovered that the malicious packages, which impersonate thread-management and hacking modules as well as Roblox tools, deploy password-stealing malware. One package, dubbed "cyphers", was found to contain two malware executables: "ZYXMN.exe" steals browser-stored data, including browsing and search histories, passwords, and cookies, while "ZYRBX.exe" steals Roblox data, including user IDs, account cookies, Robux balances, and account status.
All of the malicious PyPI packages remain available in the open-source package repository, according to Snyk.
Meanwhile, a separate report from Kaspersky highlighted two other malicious PyPI packages, "pyquest" and "ultrarequests," which modify the Discord client and carry info-stealing malware.
These packages target cryptocurrency wallet, Steam, and Minecraft credentials.
BleepingComputer reports that initial access broker DEV-0569 is running widespread malvertising campaigns that abuse Google Ads to distribute malware, steal passwords, and breach networks.
The Emotet malware-as-a-service operation, attributed to the TA542 cybercrime group (also known as Mummy Spider or Crestwood), has employed novel detection-evasion techniques in its resurgence after being taken down in early 2021, according to The Hacker News.