TZUTC: -0500   
   MSGID: 1134.consprcy@1:2320/105 2c91c470   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Instagram and TikTok accounts are being stolen using malicious PyPI packages   
      
   Date:   
   Tue, 20 May 2025 12:43:59 +0000   
      
   Description:   
   Someone's hunting for Instagram and TikTok email accounts and triggering the   
   password reset process.   
      
   FULL STORY   
      
   Security researchers have found some of the tools cybercriminals are using to   
   steal peoples Instagram and TikTok accounts - on PyPI.    
      
   The Python Package Index (PyPI), one of the worlds biggest repositories of   
   Python code, is often abused to holst malicious code, or trick software   
   developers into downloading and running tainted code in their projects.    
      
   In this case, security researchers from Socket found three packages, named   
   checker-SaGaF, steinlurks, and sinnercore. Cumulatively, these three had   
   around 7,000 downloads before being pulled from the platform.    
      
   Credential stuffing and password spraying   
      
   The first two acted as email address validators, cross-referencing supplied   
   email addresses with TikTok and Instagram APIs, to see if they are associated   
   with accounts on the platform. While simply checking if an email address is   
   valid doesnt seem to be particularly harmful, it is an important step in   
   cybercriminal activity, the researchers explained.    
      
   "Once threat actors have this information, just from an email address, they   
   can threaten to dox or spam, conduct fake report attacks to get accounts   
   suspended, or solely confirm target accounts before launching a credential   
   stuffing or password spraying exploit," said Sockets Olivia Brown.    
      
   "Validated user lists are also sold on the dark web for profit. It can seem   
   harmless to construct dictionaries of active emails, but this information   
   enables and accelerates entire attack chains and minimizes detection by only   
   targeting known-valid accounts."    
      
   The third package, sinnercore, triggers the  forgot password  flow for a    
   given username on Instagram.    
      
   The news comes roughly a month after researchers found two malicious packages   
   on PyPI, posing as fixes for a popular, legitimate package. The malware was   
   designed to steal peoples cryptocurrency, which is a popular attack vector on   
   PyPI. In this case, the legitimate package is used in building hot wallets -   
   software wallets for cryptocurrencies. Despite being obvious malware, the two   
   packages still managed to rake in more than 37,000 downloads before being   
   pulled.    
      
    Via The Hacker News   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/instagram-and-tiktok-accounts-are-being   
   -stolen-using-malicious-pypi-packages   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426