Sign Up
Already have an account?Log In
By clicking "Sign Up" you agree to our terms of service and privacy policy
- Username should be more than 3 characters.
- Username cannot start with numeric character.
- Username characters must be from {a-z,0-9}, special characters are not allowed.
- Make sure the Email is working to receive verification code & password reset link.
- Password should be more than 6 characters.
Forgot Password
Malicious PyPI Packages Exploiting Instagram and TikTok APIs to Validate User Accounts
Cybersecurity experts have identified malicious Python packages uploaded to the Python Package Index (PyPI) that serve as checker tools to verify stolen email addresses against TikTok and Instagram APIs. These packagesnamely checker-SaGaF, steinlurks, and sinnercorehave collectively garnered over 6,900 downloads before being removed. The malicious tools enable threat actors to authenticate compromised accounts by leveraging social media APIs, facilitating account hijacking, spam campaigns, or fraudulent activities. Although these packages are no longer available, their existence highlights ongoing security vulnerabilities in open-source ecosystems and underscores the importance of diligent package vetting and API monitoring. Staying informed about such developments is crucial for organizations managing user authentication and social media security.
Share
Copied