A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-sealing backdoor and stealing data from web browsers and Roblox.

The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting arbitrary code execution ...

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks. On April 23rd, 2022, a Discord user with the handle “Portu” began advertising a ...

The client then uses a Discord webhook to send the user's email address, login name, user token, plain text password and IP address to a Discord channel controlled by the attacker.

Discord webhooks are used to automate messages based on activities in other applications: for example, the official documentation describes making a bot that notifies a channel of new GitHub commits.