MAL-2026-6549
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/discord-token-generator/MAL-2026-6549.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2026-6549
- Published
- 2026-06-27T20:52:32Z
- Modified
- 2026-06-27T21:46:00.389782022Z
- Summary
- Malicious code in discord-token-generator (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (93b4fe1006dee186a1cbe4513b0f0c127912724aed5b3caf6bca4b0f27294b99)
During import, package executes the embedded executable. It is an infostealer named internally as "NBSteal", focused on exfiltrating data from browsers, Telegram, Discord, Roblox and other gaming platforms, and other credentials.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-discord-token-generator
Reasons (based on the campaign):
infostealer
files-exfiltration
obfuscation
exfiltration-browser-data
malware
target:telegram
exfiltration-credentials
- Database specific
{ "iocs": { "domains": [ "nbbtest.bnfdkfq156.workers.dev" ], "urls": [ "https://nbbtest.bnfdkfq156.workers.dev/" ] }, "malicious-packages-origins": [ { "versions": [ "1.0.0", "1.0.1", "1.0.2", "1.0.3" ], "modified_time": "2026-06-27T20:52:32.20789Z", "sha256": "93b4fe1006dee186a1cbe4513b0f0c127912724aed5b3caf6bca4b0f27294b99", "id": "pypi/2026-06-discord-token-generator/discord-token-generator", "source": "kam193", "import_time": "2026-06-27T21:27:44.805103099Z" } ] }- References
- Credits
-
-
- Kamil MaĆkowski (kam193) - REPORTER
-
Affected packages
PyPI / discord-token-generator
Package
- Name
- discord-token-generator
- View open source insights on deps.dev
- Purl
- pkg:pypi/discord-token-generator