Files

osint-articles
- 2025-01-02 Hackers Hijack 35 Google Chrome Extensions in Phishing Campaign
- 2025-01-03 Malicious Obfuscated npm Package Deploys Quasar RAT
- 2025-01-06 Beware Fake Game Sites Steal Your Information
- 2025-01-07 Eagerbee Backdoor Targets Middle Eastern Government and ISPs
- 2025-01-07 FireScam Android Malware Poses as Telegram Premium to Steal Data
- 2025-01-09 Neglected Domains Fuel Malspam to Bypass Email Security Measures
- 2025-01-09 Researchers Expose NonEuclid RAT's Advanced Evasion Techniques
- 2025-01-10 CrowdStrike Job Offers Used to Deploy Crypto Miners
- 2025-01-10 Stealer Evades Detection with Apple XProtect Encryption
- 2025-01-10 Stealer Masquerades as LDAPNightmare PoC Exploit
- 2025-01-13 AI-Driven Ransomware FunkSec Targets 85 Victims with Double Extortion
- 2025-01-14 WordPress Skimmers Evade Detection by Injecting Malicious Code into Database Tables
- 2025-01-15 Hackers Use FastHTTP for High-Speed Microsoft 365 Password Attacks
- 2025-01-16 Hackers Exploit Google Search Ads to Hijack Google Ads Accounts
- 2025-01-17 Python-Based Malware Powers RansomHub's Exploitation of Network Flaws
- 2025-01-17 Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
- 2025-01-20 Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers
  - iocs.txt
  - readme.md
- 2025-01-20 New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts
- 2025-01-21 DoNot Team Linked to New Tanzeem Android Malware for Intelligence Collection
- 2025-01-22 PNGPlug Loader Delivers ValleyRAT Malware to Chinese-Speaking Regions
- 2025-01-22 Ransomware Gangs Pose as IT Support in Microsoft Teams Phishing Attacks
- 2025-01-24 Cybercrime Connections Shared Codebase Links Morpheus and HellCat Ransomware
- 2025-01-24 Juniper VPN Gateways Under Siege The Stealthy Rise of Magic Packet Malware
- 2025-01-24 QakBot-Linked BC Malware Evolves with Enhanced Remote Access and Data Gathering
- 2025-01-27 Hacker Turns Tables on 18,000 Script Kiddies with Deceptive Malware Builder
- 2025-01-27 Hackers Exploit Windows RID Hijacking for Stealthy Admin Account Creation
- 2025-01-29 PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
- 2025-01-30 New Aquabotv3 Botnet Malware Targets Mitel Command Injection Vulnerability
- 2025-02-03 Crazy Evil Gang Exploits Crypto with Advanced Social Engineering and Malware
- 2025-02-03 Malvertising Scam Exploits Google Ads to Hijack Advertiser Accounts
- 2025-02-04 DeepSeek AI Tools Impersonated by Infostealer Malware on PyPI
- 2025-02-05 Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
- 2025-02-05 North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
- 2025-02-05 macOS Infostealers Exploiting macOS Environments
- 2025-02-06 Crypto-Stealing Apps Surface in Apple's App Store for the First Time
- 2025-02-06 Hackers Spoof Microsoft ADFS Login Pages to Steal Credentials
- 2025-02-06 Sophos Warns of Novel SVG Phishing Tactics Bypassing Security Measures
- 2025-02-07 Fake Google Chrome Sites Spreading ValleyRAT Malware Through DLL Hijacking
- 2025-02-07 Kimsuky Hackers Deploy New Custom RDP Wrapper for Remote Access Exploits
- 2025-02-07 Microsoft Warns Exposed ASP.NET Keys Used for Malware Deployment
- 2025-02-12 Cybercriminals Use ClickFix Technique to Deploy NetSupport RAT
- 2025-02-13 BadPilot Network Hacking Fuels Russian Sandworm's Global Cyber Attacks
- 2025-02-14 FINALDRAFT Malware Exploits Microsoft Graph API for Espionage
- 2025-02-14 Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
- 2025-02-17 Microsoft Hackers Steal Emails Using Device Code Phishing Attacks
- 2025-02-18 New Golang-Based Backdoor Leverages Telegram for Evasive C2 Operations
- 2025-02-19 New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
- 2025-02-20 Invisible Unicode Used in Phishing Trick
- 2025-02-20 Russian Phishing Campaigns Exploit Signal’s Device-Linking Feature
- 2025-02-25 New Malware Campaign Spreading via Cracked Software
- 2025-02-26 Auto-Color Linux Backdoor Targets North American Governments and Universities
- 2025-02-26 GitVenom Malware Campaign Hijacks GitHub Repos to Steal Cryptocurrency
- 2025-02-27 VSCode Extensions with 9 Million Installs Removed Due to Hidden Security Threats
- 2025-02-28 PayPal’s No-Code Checkout Exploited by Scammers in Sophisticated Ad Fraud Scheme
- 2025-03-04 Hackers Leverage AWS Misconfigurations for Phishing via SES and WorkMail
- 2025-03-04 New ClickFix Phishing Attack Unleashes Havoc C2 via Microsoft SharePoint
- 2025-03-05 New Polyglot Malware Targets Aviation and Satellite Firms in UAE
- 2025-03-06 Seven Malicious Go Packages Caught Deploying Malware on Linux and macOS Systems
- 2025-03-07 Akira Ransomware Exploits Unsecured Webcam to Encrypt Network and Evade EDR
- 2025-03-07 Malvertising Campaign Infected Nearly 1 Million PCs Worldwide
- 2025-03-10 Microsoft Warns of North Korean Hackers Using Qilin Ransomware in Cyberattacks
- 2025-03-11 Desert Dexter Malware Campaign Infects 900+ Victims via Facebook Ads and Telegram Links
- 2025-03-12 North Korean Lazarus Hackers Target Developers with Malicious npm Packages
- 2025-03-12 AI-Powered Fake GitHub Repos Distribute SmartLoader and Lumma Stealer Malware
- 2025-03-13 CISA Warns of Medusa Ransomware Targeting Over 300 Critical Infrastructure Organizations
- 2025-03-13 North Korean Android Spyware 'KoSpy' Sneaks Onto Google Play in Covert Campaign
- 2025-03-13 The Dark Side of Sports Betting Mirror Sites Fueling Gambling Scams
- 2025-03-14 ClickFix Phishing Campaign Targets Hospitality Sector with Fake Booking.com Emails
- 2025-03-14 Obscure#Bat Malware Campaign Deploys Rootkit via Fake CAPTCHA Pages
- 2025-03-14 SuperBlack Ransomware Exploits Fortinet Auth Bypass Flaws in Targeted Attacks
- 2025-03-17 Black Basta Ransomware Unleashes Automated VPN Brute-Forcing Tool 'BRUTED'
- 2025-03-18 New StilachiRAT Malware Targets Crypto Wallets and System Reconnaissance
- 2025-03-19 Unpatched Windows Zero-Day Fuels State-Sponsored Cyber Espionage Since 2017
- 2025-03-20 DollyWay Malware Campaign Compromises Over 20,000 WordPress Sites
- 2025-03-20 Dragon RaaS Pro-Russian Hacktivists Leverage Five Families Legacy in Cybercrime Push
- 2025-03-24 Medusa Ransomware Deploys Malicious ABYSSWORKER Driver to Neutralize Anti-Malware Defenses
- 2025-03-31 Crocodilus Malware Targets Android Users’ Crypto Wallets with Deceptive Overlays
- 2025-03-31 Morphing Meerkat PhaaS Leverages DNS-over-HTTPS to Slip Past Security Defenses
- 2025-04-01 North Korean Lazarus Group Deploys ClickFix Attacks to Target Crypto Industry
- 2025-04-02 Over 1,500 PostgreSQL Servers Hijacked in Stealthy Fileless Crypto Mining Campaign
- 2025-04-02 QR Code Phishing Surge Attackers Innovate with Redirects and Turnstile Evasion
- 2025-04-04 Hunters International Rebrands as World Leaks and Pivots to Pure Data Extortion
- 2025-04-04 Microsoft Flags Tax-Themed Phishing Surge Using PDFs and QR Codes to Deploy Malwar
- 2025-04-08 EncryptHub’s Double Game Cybercrime Turned Windows Bug Bounty Hunter
- 2025-04-08 Malicious VSCode Extensions Sneak Cryptominers onto Windows Systems
- 2025-04-11 AkiraBot’s AI-Powered Spam Campaign Hits 420,000 Websites with CAPTCHA-Evading Tactics
- 2025-04-11 Malicious npm Package Targets Crypto Wallets with Persistent Clipper Malware
- 2025-04-11 Russian Gamaredon Hackers Target Western Military Mission with Malicious USB Drives
- 2025-04-11 U.S. Toll Road Smishing Scams A Growing Threat to Drivers Nationwide
- 2025-04-15 BPFDoor’s Hidden Controller Fuels Stealthy Cyberespionage Across Asia and the Middle East
- 2025-04-15 ResolverRAT Malware Targets Global Pharma and Healthcare with Stealthy Phishing Attacks
- 2025-04-15 Slow Pisces Deploys Custom Python Malware in Coding Challenge Scam Targeting Crypto Developers
- 2025-04-18 57 Chrome Extensions with 6 Million Installs Caught with Hidden Tracking Code
- 2025-04-18 State-Sponsored Hackers from Iran, North Korea, and Russia Leverage ClickFix for Targeted Malware Attacks
- 2025-04-18 Windows NTLM Hash Leak Vulnerability Exploited in Phishing Attacks Targeting Governments
- 2025-04-21 Interlock Ransomware Gang Deploys ClickFix Attacks with Fake IT Tools to Breach Networks
- 2025-04-21 SuperCard X Android Malware Exploits NFC Relay Attacks for Payment Fraud
- 2025-04-22 Russian Bulletproof Host Proton66 Fuels Global Cyberattacks and Malware Surge
- 2025-04-22 State-Sponsored Hackers Adopt ClickFix Tactic for Sophisticated Espionage Campaigns
- 2025-04-24 ToyMaker - Initial Access Broker Fuels Cactus Ransomware with LAGTOY Backdoor
- template
threat-hunting-scripts
.gitignore
README.md

2025-01-20 Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers

Name		Name	Last commit message	Last commit date
parent directory ..
iocs.txt		iocs.txt
readme.md		readme.md

readme.md

Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers

A malicious package named 'pycord-self' on PyPI has been caught stealing Discord authentication tokens from developers, with over 800 downloads so far. This incident underscores the ongoing risks of typosquatting in open-source ecosystems.

Key takeaways:

🚨 Malicious Package: 'pycord-self', a typosquatting package on PyPI, has been identified as a tool for stealing Discord authentication tokens.

💻 Developer Risk: This package targets developers, leveraging the trust placed in open-source platforms to execute its malicious activities.

🔐 Token Theft: Once installed, it can exfiltrate Discord tokens, potentially compromising both personal and professional accounts.

🌐 Widespread Exposure: With over 800 downloads, the impact could be significant, highlighting vulnerabilities in software supply chains.

🛑 Action Advised: Developers are urged to check their systems for this package and to use package verification tools to avoid similar threats in the future.

🔗 https://buff.ly/4hnuFT6

Package Content

iocs.txt: List of all Indicators of Compromise (IOCs) in the article. All network-based indictors.

Note

Use the following scripts in threat-hunting-scripts to help you hunt:

verify-iocs-vt.py: Verify IOCs using VirusTotal Community API.
iocs-to-cs.py: Upload IOCs to CrowdStrike Falcon IOC Management for detection and blocking.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

2025-01-20 Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers

2025-01-20 Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers

readme.md

Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers

Package Content

Files

2025-01-20 Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers

Directory actions

More options

Directory actions

More options

Latest commit

History

2025-01-20 Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers

Folders and files

parent directory

readme.md

Malicious PyPI Package 'pycord-self' Steals Discord Auth Tokens from Developers

Package Content