Carding tool abusing WooCommerce API downloaded 34K times on PyPI

2025-04-06 14:17

A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. [...]

News URL

https://www.bleepingcomputer.com/news/security/carding-tool-abusing-woocommerce-api-downloaded-34k-times-on-pypi/

#API #woocommerce

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Woocommerce		32	0	42	21	3	66
Pypi		15	0	0	1	15	16