A dozen malicious PyPi packages have been discovered installing malware that modifies the Discord client to become an information-sealing backdoor and stealing data from web browsers and Roblox.

The Python Package Index (PyPI) registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting arbitrary code execution ...

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

The client then uses a Discord webhook to send the user's email address, login name, user token, plain text password and IP address to a Discord channel controlled by the attacker.

A vulnerability in Discord invites can be leveraged as part of a "multi-stage payload delivery" system.

The npm security team has removed a malicious JavaScript library from the npm portal that was designed to steal sensitive files from an infected users' browser and Discord application.