1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Instagram and TikTok accounts are being stolen using malicious Py

    From TechnologyDaily@1337:1/100 to All on Tuesday, May 20, 2025 13:45:07
    Instagram and TikTok accounts are being stolen using malicious PyPI packages

    Date:
    Tue, 20 May 2025 12:43:59 +0000

    Description:
    Someone's hunting for Instagram and TikTok email accounts and triggering the password reset process.

    FULL STORY ======================================================================Security
    researchers found three malicious PyPI packages The packages had around
    7,000 downloads They were designed to check for active email accounts

    Security researchers have found some of the tools cybercriminals are using to steal peoples Instagram and TikTok accounts - on PyPI.

    The Python Package Index (PyPI), one of the worlds biggest repositories of Python code, is often abused to holst malicious code, or trick software developers into downloading and running tainted code in their projects.

    In this case, security researchers from Socket found three packages, named checker-SaGaF, steinlurks, and sinnercore. Cumulatively, these three had around 7,000 downloads before being pulled from the platform.

    60% off for Techradar readers

    With Aura's parental control software, you can filter, block, and monitor websites and apps, set screen time limits. Parents will also receive breach alerts, Dark Web monitoring, VPN protection, and antivirus.

    Preferred partner ( What does this mean? ) View Deal Credential stuffing and password spraying

    The first two acted as email address validators, cross-referencing supplied email addresses with TikTok and Instagram APIs, to see if they are associated with accounts on the platform. While simply checking if an email address is valid doesnt seem to be particularly harmful, it is an important step in cybercriminal activity, the researchers explained.

    "Once threat actors have this information, just from an email address, they can threaten to dox or spam, conduct fake report attacks to get accounts suspended, or solely confirm target accounts before launching a credential stuffing or password spraying exploit," said Sockets Olivia Brown.

    "Validated user lists are also sold on the dark web for profit. It can seem harmless to construct dictionaries of active emails, but this information enables and accelerates entire attack chains and minimizes detection by only targeting known-valid accounts."

    The third package, sinnercore, triggers the forgot password flow for a
    given username on Instagram.

    The news comes roughly a month after researchers found two malicious packages on PyPI, posing as fixes for a popular, legitimate package. The malware was designed to steal peoples cryptocurrency, which is a popular attack vector on PyPI. In this case, the legitimate package is used in building hot wallets - software wallets for cryptocurrencies. Despite being obvious malware, the two packages still managed to rake in more than 37,000 downloads before being pulled.

    Via The Hacker News You might also like Malicious Python packages are stealing vital data, and have been downloaded thousands of times already Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/instagram-and-tiktok-accounts-are-being -stolen-using-malicious-pypi-packages


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)