GSD-2022-1000073

See a problem?

Import Source

https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1000xxx/GSD-2022-1000073.json

JSON Data

https://api.osv.dev/v1/vulns/GSD-2022-1000073

Withdrawn

2023-03-14T07:04:18.327667Z

Published

2022-02-02T18:51:06.691479Z

Modified

2023-03-14T07:04:18.327667Z

Summary

malicious code in PyPi Easyfuncsys version all

Details

In the PyPi Easyfuncsys package there is malicious code that appears to be stealing Discord tokens allowing it to access Discord as that user, additionally it steals leveldb files, and runs a suspicious EXE.

References

https://blog.sonatype.com/malicious-roblox-cookie-and-discord-token-stealers-hit-pypi-repository
https://pepy.tech/project/Easyfuncsys

GSD-2022-1000073

Affected packages