Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Briefly

Cybersecurity researchers have discovered harmful packages on the Python Package Index (PyPI) that facilitate the validation of stolen email addresses against TikTok and Instagram APIs. The identified packages, checker-SaGaF, steinlurks, and sinnercore, were designed to allow threat actors to check if an email is linked to an account, enabling various cyber attacks including spamming and credential stuffing. These packages have since been removed from PyPI, but the impact remains significant as validated email lists are sought after on the dark web for malicious purposes.
"True to its name, checker-SaGaF checks if an email is associated with a TikTok account and an Instagram account," Socket researcher Olivia Brown said in an analysis published last week.
"Once threat actors have this information, just from an email address, they can threaten to dox or spam, conduct fake report attacks to get accounts suspended, or solely confirm target accounts before launching a credential stuffing or password spraying exploit," Brown said.
"Validated user lists are also sold on the dark web for profit. It can seem harmless to construct dictionaries of active emails, but this information enables and accelerates entire attack chains and minimizes detection by only targeting known-valid accounts."
"steinlurks, in a similar manner, targets Instagram accounts by sending forged HTTP POST requests mimicking the Instagram Android app to evade detection."
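A defensive check for the three packages named above, as an added example that is not part of the original article or Socket's analysis: it scans a requirements file and the current environment using PEP 503 name normalization, so spelling variants such as `Checker_SaGaF` still match. The sample requirements text and the `example.invalid` URL are constructed.

```python
import re
from importlib import metadata

# Package names reported in the article above.
REPORTED = ("checker-SaGaF", "steinlurks", "sinnercore")

def normalize(name):
    """PEP 503 normalization: case-insensitive; runs of -, _ and . are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

BLOCKLIST = {normalize(n) for n in REPORTED}

# Leading project name of a requirement line, before extras, specifiers or markers.
_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def scan_requirements(text):
    """Return [(line_number, normalized_name)] for blocklisted requirements."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line or line.startswith("-"):  # blank line or pip option (-r, --hash)
            continue
        m = _NAME.match(line)
        if m and normalize(m.group(1)) in BLOCKLIST:
            hits.append((lineno, normalize(m.group(1))))
    return hits

def scan_installed():
    """Return sorted blocklisted distributions present in the current environment."""
    found = set()
    for dist in metadata.distributions():
        name = dist.metadata.get("Name") if dist.metadata is not None else None
        if name and normalize(name) in BLOCKLIST:
            found.add(normalize(name))
    return sorted(found)

# Constructed sample requirements file (not taken from any real project).
SAMPLE = """\
requests==2.31.0
Checker_SaGaF>=0.1        # separator and case differ from the reported spelling
steinlurks[extra] ; python_version >= "3.8"
# sinnercore  (commented out, so not a requirement)
-r base.txt
SinnerCore @ https://example.invalid/sinnercore.tar.gz
"""

if __name__ == "__main__":
    for lineno, name in scan_requirements(SAMPLE):
        print(f"requirements line {lineno}: {name}")
    print("installed:", scan_installed() or "none")
```

Because the packages have been removed from PyPI, a hit in an existing environment or lockfile indicates a copy installed before the takedown or obtained from a mirror or cache.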
Read at The Hacker News