Cybersecurity researchers have identified several malicious packages in the NPM, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.
Discord webhooks are a way to post messages to a channel on the platform without a user account or any authentication beyond the webhook URL itself, making them an attractive mechanism for attackers to exfiltrate data into channels they control.
“The important thing is that webhook URLs are effectively write-only,” Socket researcher Olivia Brown said in an analysis. “They do not expose the channel’s history, and defenders cannot read back previous posts simply by knowing the URL.”
The software supply chain security company said it has identified several packages that use Discord webhooks in various ways –
- mysql-dumpdiscord (npm), which dumps the contents of developer configuration files such as config.json, .env, ayarlar.js, and ayarlar.json to a Discord webhook.
- nodejs.discord (npm), which uses Discord webhooks for what appear to be log alerts (an approach that is not inherently malicious).
- malinssx, malicus, and malininn (PyPI), which are triggered on “pip install” and use Discord as a C2 server by sending an HTTP request to a channel every time the package is installed.
- sqlcommenter_rails (RubyGems.org), which collects host information, including the contents of sensitive files such as “/etc/passwd” and “/etc/resolv.conf”, and sends it to a hard-coded Discord webhook.
“Abuse of Discord webhooks for C2 matters because it reverses the economics of supply chain attacks,” Brown said. “By being free and fast, threat actors avoid hosting and maintaining their own infrastructure. Additionally, they often blend into regular code and firewall rules, allowing intrusions even from unsuspecting victims.”
“When combined with install-time hooks or build scripts, malicious packages with the Discord C2 mechanism can silently steal .env files, API keys, and host details from developer machines and CI runners long before runtime monitoring apps notice them.”
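The install-time pattern described above (a lifecycle hook that reads developer configuration files and posts them to a hard-coded Discord webhook) can be triaged statically before a package ever runs. The following scanner is an added example written for this article, not Socket's tooling or code from any of the packages named here. It walks the files of an unpacked package, flags Discord webhook URLs, references to the sensitive files the article lists, and install-time npm lifecycle scripts, and reports each finding with its file and line. The sample package at the bottom is constructed; its webhook id and token are placeholders, not a real endpoint.

```python
"""Static triage of an unpacked package for Discord-webhook exfiltration indicators.

Added example (not Socket's tooling): flags webhook URLs, sensitive-file references,
and install-time lifecycle scripts, reporting file and line for each finding.
"""
import json
import re
from pathlib import Path
from typing import Dict, List

# Discord webhook endpoints; both the current and the legacy domain are seen in the wild.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+"
)
# Files the article names as exfiltration targets; nothing beyond the page's own list.
SENSITIVE_RE = re.compile(
    r"(?:\bconfig\.json\b|\.env\b|\bayarlar\.js(?:on)?\b|/etc/passwd\b|/etc/resolv\.conf\b)"
)
# npm lifecycle scripts that run at install time without the developer invoking anything.
NPM_INSTALL_HOOKS = {"preinstall", "install", "postinstall", "prepare"}


def scan_text(name: str, text: str) -> List[dict]:
    """Return one finding per matching line of a source file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if WEBHOOK_RE.search(line):
            findings.append({"file": name, "line": lineno, "kind": "discord_webhook"})
        if SENSITIVE_RE.search(line):
            findings.append({"file": name, "line": lineno, "kind": "sensitive_file_ref"})
    return findings


def scan_package_json(name: str, text: str) -> List[dict]:
    """Flag install-time lifecycle scripts declared in package.json."""
    try:
        scripts = json.loads(text).get("scripts", {})
    except json.JSONDecodeError:
        return [{"file": name, "line": 0, "kind": "unparseable_package_json"}]
    return [
        {"file": name, "line": 0, "kind": f"install_hook:{hook}", "detail": cmd}
        for hook, cmd in scripts.items()
        if hook in NPM_INSTALL_HOOKS
    ]


def scan_package(files: Dict[str, str]) -> List[dict]:
    """Scan a mapping of relative path -> file contents (an unpacked package)."""
    findings = []
    for path, text in files.items():
        if Path(path).name == "package.json":
            findings.extend(scan_package_json(path, text))
        else:
            findings.extend(scan_text(path, text))
    return findings


def scan_directory(root: str) -> List[dict]:
    """Convenience wrapper for a real unpacked package on disk."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            try:
                files[str(p.relative_to(root))] = p.read_text(errors="replace")
            except OSError:
                continue
    return scan_package(files)


# Constructed sample resembling the behaviour the article describes. The webhook id
# and token are placeholders, not a real endpoint.
SAMPLE_PACKAGE = {
    "package.json": json.dumps({
        "name": "example-dumper",
        "version": "1.0.0",
        "scripts": {"postinstall": "node index.js", "test": "echo ok"},
    }),
    "index.js": (
        'const fs = require("fs");\n'
        'const hook = "https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER_TOKEN";\n'
        'const env = fs.readFileSync(".env", "utf8");\n'
    ),
    "README.md": "# example-dumper\nNothing to see here.\n",
}

if __name__ == "__main__":
    for finding in scan_package(SAMPLE_PACKAGE):
        print(finding)
```

Run it against `npm pack` output or a downloaded sdist with `scan_directory(path)`; a postinstall hook combined with a webhook URL and a `.env` read in the same package is the combination worth blocking in CI before `npm install` or `pip install` executes it. The regex list is intentionally short and matches only the indicators the article names; a production check would add its own.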
Contagious Interview floods NPM with fake packages
The disclosure came as the company also identified 338 malicious packages published by North Korean threat actors linked to the Contagious Interview campaign that were used to distribute malware families such as HexEval. The packages were collectively downloaded more than 50,000 times.
“In this latest wave, North Korean threat actors used more than 180 fake personas associated with new NPM aliases and registration emails, and ran more than a dozen command and control (C2) endpoints,” said security researcher Kirill Boychenko.
The campaign’s targets include Web3, cryptocurrency and blockchain developers as well as job seekers in the tech sector, who are contacted on professional platforms such as LinkedIn with attractive opportunities. Potential targets are then instructed to complete a coding assignment by cloning a booby-trapped repository that references a malicious package (for example, eslint-detector) that is already published in the npm registry.
Once run locally on a target's machine, the package referenced in the purported project acts as a stealer (i.e., BeaverTail) to collect browser credentials, cryptocurrency wallet data, macOS Keychains, keystrokes, clipboard contents, and screenshots. The malware is also designed to download additional payloads, including a cross-platform Python backdoor codenamed InvisibleFerret.
Among the hundreds of packages uploaded by North Korean actors, many are typosquats of legitimate counterparts (for example, dotevn vs. dotenv), especially those related to frontend frameworks like Node.js, Express, or React. Some of the libraries identified were found to mimic Web3 tooling (for example, ethrs.js vs. ethers.js).
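The typosquat names above (dotevn for dotenv, ethrs.js for ethers.js) are a one-character transposition or deletion away from the real package, which is exactly what an edit-distance check against a list of popular names catches at install or review time. The code below is an added example, not Socket's detection logic: it normalizes a candidate name (scope and `.js`/`-js` suffix removed), scores it with the optimal-string-alignment form of Damerau-Levenshtein distance so transpositions cost one edit, and flags near-misses that are not exact matches. The `POPULAR` list is a constructed stand-in for registry download rankings; the `ethers` entry is there because that library is published on npm under that name, which is the stem the article's `ethrs.js` example is compared against.

```python
"""Typosquat check for package names against a list of popular packages.

Added example (not Socket's detection logic). Uses optimal-string-alignment
Damerau-Levenshtein distance so a transposition (dotevn/dotenv) costs one edit.
"""
from typing import List, Optional, Tuple

# Constructed stand-in for registry download rankings.
POPULAR = ["dotenv", "express", "react", "ethers", "lodash", "axios"]


def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance with insert, delete, substitute and adjacent-transpose (OSA variant)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete
                          d[i][j - 1] + 1,          # insert
                          d[i - 1][j - 1] + cost)   # substitute / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transpose
    return d[len(a)][len(b)]


def normalize(name: str) -> str:
    """Drop an npm scope and a trailing .js/-js so 'ethrs.js' is compared as 'ethrs'."""
    stem = name.lower().split("/")[-1]
    for suffix in (".js", "-js"):
        if stem.endswith(suffix):
            stem = stem[: -len(suffix)]
    return stem


def check_name(name: str, popular: List[str] = POPULAR) -> Optional[Tuple[str, int]]:
    """Return (closest popular package, distance) if name is a near-miss, else None.

    Exact matches are the legitimate package itself and are never flagged. Short
    names get a tighter threshold so 4-5 character names are not flagged on noise.
    """
    stem = normalize(name)
    if stem in popular:
        return None
    best = min(popular, key=lambda p: damerau_levenshtein(stem, p))
    dist = damerau_levenshtein(stem, best)
    max_distance = 1 if len(stem) <= 5 else 2
    if 0 < dist <= max_distance:
        return best, dist
    return None


def check_manifest(dependencies: List[str]) -> List[Tuple[str, str, int]]:
    """Flag every dependency name in a manifest that looks like a typosquat."""
    hits = []
    for dep in dependencies:
        match = check_name(dep)
        if match is not None:
            hits.append((dep, match[0], match[1]))
    return hits


if __name__ == "__main__":
    # Constructed dependency list mixing the article's examples with clean names.
    for hit in check_manifest(["dotevn", "ethrs.js", "express", "eslint-detector"]):
        print("suspicious:", hit)
```

Point `check_manifest` at the `dependencies` keys of a cloned assignment's package.json before running `npm install`; a hit does not prove malice, but a coding-test repository that pulls a near-miss of dotenv or ethers is exactly the lure this campaign uses and deserves a look before anything executes.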
“Contagious Interview is not a cybercrime hobby, it works like an assembly line or factory-model supply chain threat,” Boychenko said. “This is a state-directed, quota-driven operation with sustainable resources, not weekend crews, and removing the malicious package is insufficient if the associated publisher account remains active.”
“The campaign’s trajectory points toward a sustainable, factory-style operation that treats the NPM ecosystem as a renewable early access channel.”