11 Malicious PyPI Python Libraries Stealing Discord Tokens and Installing Shells | Cybersecurity скачать в хорошем качестве

11 Malicious PyPI Python Libraries Stealing Discord Tokens and Installing Shells | Cybersecurity

Investigators from JFrog uncovered 11 harmful Py packages in the Py Package Index (PyPI) collection that may be used to acquire Discord access tokens, passwords, and even carry out dependency confusion attacks. The main purpose of this method is to deceive the target's package manager into downloading and installing a dangerous module. This technique utilizes identical names for genuine internal private packages with a higher version and public repository downloads. The sophisticated evasion methods utilized in these malware packages, such as novel exfiltration or even DNS tunneling, demonstrate a worrying development: attackers are becoming stealthier in their assaults on open-source code. Since this batch of harmful files may not possess the exact 'teeth' as earlier ones, the amount of expertise with which they are delivered is noteworthy. That's not grabbing your money in full view, yet there's a bit of deception happening with these packs, but some of them could also be planning a repeat assault after the first investigation, rather than executing a very revealing content, to begin with." The study comes to an end. python #hacking #news #cybersecurity