Malicious Packages – TheCyberThrone

Malicious package found on NPM and PYPi Registries

Researchers have discovered malicious packages on the npm and PyPi open-source registries, which could cause issues if unwittingly downloaded by developers. In January, Researchers found 691 malicious npm packages and…

PravinKarthik February 14, 2023

Rouge Package in PyPI Repository

Researchers have discovered three malicious PyPI packages on the PyPI repository that were uploaded by the same actor, Lolip0p. The packages were discovered on January 10, 2023, and the packages…

PravinKarthik January 17, 2023

LofyLife steals Discord tokens

Researchers have discovered an attack campaign named Lofylife that uses malicious npm packages, targeting Discord users to steal Discord tokens and users’ card data. The Python malware is a modified…

PravinKarthik July 29, 2022

Malicious PyPi Packages Plants Shell

Researchers uncovered 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access…

PravinKarthik November 19, 2021