The Python Package Index (PyPI) registry has removed several Python packages aimed at stealing users’ credit card numbers and Discord tokens. Security researchers have analyzed several malicious Python packages that they caught on the PyPI registry. The malicious packages were published under three different PyPI accounts and are estimated to have scored over 30,000 downloads put together, according to the researchers’ report. Most of the packages steal Discord token stealers, credit cards, and web-browser files, although some provide attackers with code execution abilities.
Source: https://www.bleepingcomputer.com/news/security/pypi-packages-caught-stealing-credit-card-numbers-discord-tokens/