Malicious PyPi package steals Discord auth tokens from devs
Malicious PyPi package steals Discord auth tokens from devs
www.bleepingcomputer.com
Just a moment...
1 comments
-
the malicious package was added to PyPi last year in June and has been downloaded 885 times so far.
That's a pretty long time to go undetected. Makes you wonder how many other similar packages there currently are, yet to be discovered, in PyPi, npm and others.