Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.
Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to exfiltrate data to a channel under their control.
“Importantly, webhook URLs are effectively write-only,” Socket researcher Olivia Brown said in an analysis. “They do not expose channel history, and defenders cannot read back prior posts just by knowing the URL.”
The software supply chain security company said it identified a number of packages that use Discord webhooks in various ways –
- mysql-dumpdiscord (npm), which siphons the contents of developer configuration files like config.json, .env, ayarlar.js, and ayarlar.json to a Discord webhook
- nodejs.discord (npm), which uses a Discord webhook to likely log alerts (an approach that’s not inherently malicious)
- malinssx, malicus, and maliinn (PyPI), which uses Discord as a C2 server by triggering an HTTP request to a channel every time the packages are installed using “pip install <package name>”
- sqlcommenter_rails (RubyGems.org), which collects host information, including contents of sensitive files like “/etc/passwd” and “/etc/resolv.conf,” and sends it to a hard-coded Discord webhook
“Abuse of Discord webhooks as C2 matters because it flips the economics of supply chain attacks,” Brown noted. “By being free and fast, threat actors avoid hosting and maintaining their own infrastructure. Also, they often blend in to regular code and firewall rules, allowing exfiltration even from secured victims.”
“When paired with install-time hooks or build scripts, malicious packages with Discord C2 mechanism can quietly siphon .env files, API keys, and host details from developer machines and CI runners long before runtime monitoring ever sees the app.”
Contagious Interview Floods npm With Fake Packages
The disclosure comes as the company also flagged 338 malicious packages published by North Korean threat actors associated with the Contagious Interview campaign, using them to deliver malware families like HexEval, XORIndex, and encrypted loaders that deliver BeaverTail, instead of directly dropping the JavaScript stealer and downloader. The packages were collectively downloaded more than 50,000 times.
“In this latest wave, North Korean threat actors used more than 180 fake personas tied to new npm aliases and registration emails, and ran over a dozen command and control (C2) endpoints,” security researcher Kirill Boychenko said.
Targets of the campaign include Web3, cryptocurrency, and blockchain developers, as well as job seekers in the technical sector, who are approached on professional platforms like LinkedIn with lucrative opportunities. Prospective targets are then instructed to complete a coding assignment by cloning a booby-trapped repository that references a malicious package (e.g., eslint-detector) that’s already published to the npm registry.
Once run locally on the machine, the package referenced in the supposed project acts as a stealer (i.e., BeaverTail) to harvest browser credentials, cryptocurrency wallet data, macOS Keychain, keystrokes, clipboard content, and screenshots. The malware is designed to download additional payloads, including a cross-platform Python backdoor codenamed InvisibleFerret.
Of the hundreds of packages uploaded by North Korean actors, many of them are typosquats of their legitimate counterparts (e.g., dotevn vs. dotenv), especially those related to Node.js, Express, or frontend frameworks like React. Some of the identified libraries have also been found to be lookalikes of Web3 kits (e.g., ethrs.js vs. ethers.js).
“Contagious Interview is not a cybercrime hobby, it operates like an assembly line or a factory-model supply chain threat,” Boychenko said. “It is a state-directed, quota-driven operation with durable resourcing, not a weekend crew, and removing a malicious package is insufficient if the associated publisher account remains active.”
“The campaign’s trajectory points to a durable, factory-style operation that treats the npm ecosystem as a renewable initial access channel.”
