Malicious PyPI package hides RAT malware, targets Discord devs since 2022
Published on: 2025-07-19 00:51:14
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years.
Named "discordpydebug," the package masqueraded as an error logger utility for developers working on Discord bots and has been downloaded over 11,000 times since it was uploaded on March 21, 2022, even though it has no description or documentation.
Cybersecurity company Socket, which first spotted it, says the malware could be used to backdoor Discord developers' systems and provide attackers with data theft and remote code execution capabilities.
"The package targeted developers who build or maintain Discord bots, typically indie developers, automation engineers, or small teams who might install such tools without extensive scrutiny," Socket researchers said.
"Since PyPI doesn't enforce deep security audits of uploaded packages, attackers often take advantage of this by using misleading descriptions, legitimate-