TZUTC: -0500
MSGID: 1134.consprcy@1:2320/105 2c91c470
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Instagram and TikTok accounts are being stolen using malicious PyPI packages

Date:
Tue, 20 May 2025 12:43:59 +0000

Description:
Someone's hunting for Instagram and TikTok email accounts and triggering the
password reset process.

FULL STORY

Security researchers have found some of the tools cybercriminals are using to
steal peoples Instagram and TikTok accounts - on PyPI. 

The Python Package Index (PyPI), one of the worlds biggest repositories of
Python code, is often abused to holst malicious code, or trick software
developers into downloading and running tainted code in their projects. 

In this case, security researchers from Socket found three packages, named
checker-SaGaF, steinlurks, and sinnercore. Cumulatively, these three had
around 7,000 downloads before being pulled from the platform. 

Credential stuffing and password spraying

The first two acted as email address validators, cross-referencing supplied
email addresses with TikTok and Instagram APIs, to see if they are associated
with accounts on the platform. While simply checking if an email address is
valid doesnt seem to be particularly harmful, it is an important step in
cybercriminal activity, the researchers explained. 

"Once threat actors have this information, just from an email address, they
can threaten to dox or spam, conduct fake report attacks to get accounts
suspended, or solely confirm target accounts before launching a credential
stuffing or password spraying exploit," said Sockets Olivia Brown. 

"Validated user lists are also sold on the dark web for profit. It can seem
harmless to construct dictionaries of active emails, but this information
enables and accelerates entire attack chains and minimizes detection by only
targeting known-valid accounts." 

The third package, sinnercore, triggers the  forgot password  flow for a 
given username on Instagram. 

The news comes roughly a month after researchers found two malicious packages
on PyPI, posing as fixes for a popular, legitimate package. The malware was
designed to steal peoples cryptocurrency, which is a popular attack vector on
PyPI. In this case, the legitimate package is used in building hot wallets -
software wallets for cryptocurrencies. Despite being obvious malware, the two
packages still managed to rake in more than 37,000 downloads before being
pulled. 

 Via The Hacker News

======================================================================
Link to news story:
https://www.techradar.com/pro/security/instagram-and-tiktok-accounts-are-being
-stolen-using-malicious-pypi-packages

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426