Security News > 2021 > July > PyPI packages caught stealing credit card numbers, Discord tokens
The Python Package Index registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to attackers.
Malware steals credit card numbers, browser files, Discord tokens.
Package name Maintainer Payload noblesse xin1111 Discord token stealer, Credit card stealer genesisbot xin1111 Same as noblesse aryi xin1111 Same as noblesse suffer suffer Same as noblesse , obfuscated by PyArmor noblesse2 suffer Same as noblesse noblessev2 suffer Same as noblesse pytagora leonora123 Remote code injection pytagora2 leonora123 Same as pytagora.
Most of the packages steal Discord tokens, credit card numbers, and web-browser files, although some provide attackers with code execution abilities.
Different packages under the noblesse family obtain the user's Discord authentication tokens and web-browser files that store credit card numbers.
This report from JFrog comes just a few weeks after malicious cryptomining packages were caught by Sonatype on PyPI. And, just this month, following an advisory from ReversingLabs, npm removed packages aimed at stealing Chrome browser credentials via legitimate password recovery tools.