Wednesday, May 7, 2025
Homecyber securityMalicious PyPI Package Attacking Discord Users To Steal Credentials

Malicious PyPI Package Attacking Discord Users To Steal Credentials

Published on

SIEM as a Service

Follow Us on Google News

Hackers often target PyPI packages to exploit vulnerabilities and inject malicious code into widely used Python libraries.

Recently, cybersecurity researchers at FortiGuard Labs identified a malicious PyPI package attacking Discord users to steal credentials.

The malicious PyPI package that was discovered is described as “discordpy_bypass-1.7,” published on March 10th, 2024, and detected on March 12, 2024.

- Advertisement - Google News
discordpy_bypass-1.7 (Source – Fortinet)

The package, authored by Theaos and consisting of seven versions with almost similar characteristics, is intended to obtain sensitive information from the victims via persistence techniques, browser data extraction, and token harvesting.

Technical Analysis

The discordpy_bypass-1.7 PyPI package demonstrates persistent cyber-attacks by using malicious behavior designed to take sensitive data from user systems through code obfuscation and evasion techniques against analysis environments.

Free Webinar | Mastering WAAP/WAF ROI Analysis | Book Your Spot

This code employs different checks to detect and quit itself when it runs in a debug or analysis environment, showing attempts to avoid detection.

The coding involves three levels of obfuscation:-

  • base64 encoding the original Python code
  • Encoding with obfuscation techniques
  • Compilation into an executable fetched from a remote URL by discordpy_bypass/discordpy_bypass.py

The code also contains debugging environment detection techniques like checking for blacklisted processes, and the system IP/MAC addresses are compared against blocklists.

Block listed IPs and MACs (Source – Fortinet)

This makes it critical for people to be alert right from the beginning and take initiative regarding such threats.

FortiGuard said that to detect debugging environments; the code quickly checks the system username, hostname, and hardware ID against some blocklists.

Initializing variables and setting up Socket.IO events for remote control and monitoring enable actions such as file operations, directory navigation, and command execution.

Authentication tokens, especially from Discord, are the target for harvesting sensitive browser data such as login credentials, cookies, and web history.

Before uploading them to a remote server, it also decrypts and validates any extracted tokens.

The discordpy_bypass-1.7 code is a smart and stealthy cyber threat that aims to steal crucial system data quietly by using evasive measures to avoid detection and analysis.

This artful “costume” points out online threats and the necessity of being alert and having strong protections in place.

With knowledge of such threats, researchers can design more secure systems to enhance personal information and general safety for users through joint vigilance and cooperation.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...