Carding tool abusing WooCommerce API downloaded 34K times on PyPI

Published on: 2025-05-12 05:17:27

A newly discovered malicious PyPI package named 'disgrasya' that abuses legitimate WooCommerce stores to validate stolen credit cards has been downloaded over 34,000 times from the open-source package platform.

The script specifically targeted WooCommerce stores using the CyberSource payment gateway to validate cards, which is a key step for carding actors who need to evaluate thousands of stolen cards from dark web dumps and leaked databases to determine their value and potential exploitation. Although the package has been removed from PyPI, its high download counts show the sheer volume of abuse for these types of malicious operations.

"Unlike typical supply chain attacks that rely on deception or typosquatting, disgrasya made no attempt to appear legitimate," explains a report by Socket researchers. "It was openly malicious, abusing PyPI as a distribution channel to reach a wider audience of fraudsters."

Of particular interest is the brazen abuse of PyPI to host a package th ...