Malicious PyPI Code Hid RAT Targeting Discord Devs

A malicious Python package uploaded to the Python Package Index (PyPI) has been discovered delivering remote access trojan (RAT) malware, with its activity traced back to 2022. The package specifically targets developers involved with Discord, a popular communication platform used by both gamers and developers. Despite being available on PyPI for more than three years, the malware remained undetected, raising concerns about persistent threats within open-source software repositories.

The hidden RAT allows attackers to gain unauthorized access to infected systems, potentially enabling data theft, surveillance, or further exploitation. The discovery underscores ongoing risks in the software supply chain, particularly in widely used developer ecosystems like PyPI. Security experts stress the importance of verifying packages and maintaining vigilant security practices when sourcing third-party code. The incident highlights the need for improved vetting processes in open-source repositories to prevent malicious actors from distributing harmful code under the guise of legitimate software tools.