Roblox and Discord Become Virus Vectors for New PyPI Malware – The New Stack


If you can communicate on it, you can abuse it. This was proven again recently when a hacker using the name “scarycoder” uploaded a dozen malicious Python packages to PyPI, the popular Python code repository. These bits of code pretended to provide useful functions for Roblox gaming community developers, but all they really did was steal users’ information. So far, so typical. Where it got interesting is that the packages used the Discord messaging app to download malicious executable files.

Snyk developer security researchers found the nasty Python code with their static analysis tools. These poisonous packages were built with PyInstaller, which bundled the malicious application and its dependencies into one package. PyInstaller served two purposes here. First, it tried to make the malware harder to detect by incorporating the malicious code in dependencies instead of downloading them from a remote server to the host. Second, it enabled the attackers to provide naive developers with an executable file that didn’t require the safety belt of an interpreter.
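A defender can check for this kind of bundling before installing anything. The sketch below is an added example, not Snyk's tooling or code from the original article: it reads a package archive in memory and flags Windows executables, marking those that carry PyInstaller's archive cookie. It assumes the executable ships inside the archive, and the sample sdist and its file names are constructed.

```python
import io
import tarfile
import zipfile

PE_MAGIC = b"MZ"                          # first bytes of a Windows executable
PYI_COOKIE = b"MEI\x0c\x0b\x0a\x0b\x0e"   # magic of PyInstaller's embedded archive

def iter_members(data: bytes):
    """Yield (name, content) per file in a wheel/zip or sdist tarball, read in memory only."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield info.filename, zf.read(info)
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            for m in tf:
                if m.isfile():
                    yield m.name, tf.extractfile(m).read()

def scan_package(data: bytes):
    """Return [(member, verdict)] for every Windows executable found in the archive."""
    findings = []
    for name, content in iter_members(data):
        if content.startswith(PE_MAGIC):
            verdict = "pyinstaller-exe" if PYI_COOKIE in content else "windows-exe"
            findings.append((name, verdict))
    return findings

def build_sample() -> bytes:
    """Constructed sdist: one setup.py, one fake PyInstaller exe, one plain fake exe."""
    files = {
        "pkg-0.1/setup.py": b"from setuptools import setup\nsetup(name='pkg')\n",
        "pkg-0.1/pkg/helper.exe": b"MZ" + b"\x00" * 64 + PYI_COOKIE + b"\x00" * 80,
        "pkg-0.1/pkg/tool.exe": b"MZ" + b"\x00" * 64,
    }
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tf:
        for name, body in files.items():
            ti = tarfile.TarInfo(name)
            ti.size = len(body)
            tf.addfile(ti, io.BytesIO(body))
    return out.getvalue()

if __name__ == "__main__":
    for member, verdict in scan_package(build_sample()):
        print(f"{verdict}: {member}")
```

A library package for Python developers rarely has a reason to ship a prebuilt Windows executable, so any hit is worth a manual look before the package goes near a developer machine.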

Perfect Storm

As Taylor Ellis, a Customer Threat Analyst for Horizon3ai, an autonomous pentest startup, said, “Roblox is an online gaming platform where users go to play games or create their own gaming programs. It is highly popular among children, for according to their user base, 67% of Roblox users are under the age of 16.” And since Roblox players frequently go on Discord to talk with strangers, you have a perfect storm for users’ machines to get infected. These still-wet-behind-the-ears developers don’t realize that running an unknown executable is just asking to be hacked.

Ellis added, “Roblox and Discord need to do more to protect the majority of young users on their platforms.” And “Roblox does little to warn their users about the dangers of clicking on malicious links within their platform, which sometimes lead to a malevolent Discord server or external backwater website.”

Easy to Abuse

In the battle between ease of use and security, Roblox and Discord err on the side of making their systems too easy to abuse.

As for the attacks themselves, Snyk observes that the Windows malware targets data that is stored…
