AL2021_49 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells (26th November 2021)

On November 19, 2021, it was reported that the operators of the Python Package Index (PyPI) have removed 11 Python libraries from their portal for various malicious behaviors, including the collection and theft of user data, passwords, and Discord access tokens and the installation of remote access shells for remote access to infected systems. These 11 packages are importantpackage / important-package, pptest, ipboards, owlmoon, DiscordSafety, trrfab, 10Cent10 / 10Cent11, yandex-yt and yiffparty.


The Security team at JFrog reported that the 11 packages were cumulatively downloaded and installed more than 41,000 times from the PyPI repository. The packages however did not appear to be developed by the same author since each package contained a different malicious characteristic and method of withdrawing data from infected systems.

How They Work

Two of the packages, “importantpackage / important-package” and “10Cent10 / 10Cent11” were found using a connect-back shell on infected systems, giving the attacker full control over the system.

The package “importantpackage” also stands out for its unusual exfiltration method to evade network-based detection, which involves using Fastly's content delivery network (CDN) to mask its communications with the attacker-controlled server as communication with

Two other packages “ipboards” and “trrfab” posed as legitimate dependencies designed to be automatically imported by taking advantage of a technique called dependency confusion. Dependency confusion works by uploading to public repositories several infected components with names that are exactly the same as the legitimate internal private packages, but with a higher version, effectively forcing the target's package manager to download and install the malicious module.

The two packages “ipboards” and “pptest” uses the DNS tunneling technique which allows an attacker to encode information to send to the C2 server in ASCII, prepend it to the name of his/her own domain and send a DNS query. The legitimate DNS server will redirect this package to the C2 server.

The malicious code "causes an HTTPS request to be sent to, which later gets rerouted by the CDN as an HTTP request to the command-and- control server," JFrog researchers explained.


These Python packages have since been removed from the repository following responsible disclosure.

The Guyana National CIRT recommends that users and administrators review this alert.
PDF Download: Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells.pdf