Offending PyPI Packages Have Been Removed That Affected Roblox & Discord users
According to the latest reports by Kyle Suero, Snyk’s lead researcher, the malware is also expected to steal Google Chrome data or pilfer passwords and bookmarks from Windows machines to spindle throughout all accounts. However, all of these offending packages have been removed from PyPI. The point that is unclear right now is we don’t know how many times they were downloaded before. For those who have installed it, the result is a W4SP Stealer infection, using which attackers can steal Discord tokens, saved cookies, and passwords from browsers in separate threads. Attacks on code repositories have been increasing on a daily basis. According to ReversingLabs, attacks on npm and PyPI collectively spiked from 259 in 2018 to 1,010 in 2021. It is a 290% increase which is really very sad as it is affecting millions. Tomislav Peričin, co-founder and chief software architect at ReversingLabs stated in a recent report that: Also Read: Apple Collects Less Data As Compared To Google & Other Companies: Report (phoneworld.com.pk)
