Security researchers found three malicious PyPI packages, “checker-SaGaF”, “steinlurks”, and “sinnercore”, designed to target Instagram and TikTok accounts.
These packages collectively had around 7,000 downloads before being removed from PyPI.
The first two packages checked whether given email addresses were linked to existing TikTok and Instagram accounts by querying the platforms' APIs, while the third triggered password-reset flows against Instagram accounts. Neither step steals credentials by itself: a confirmed list of live accounts is the groundwork for credential stuffing, targeted phishing or harassment, and unsolicited password-reset requests can be used to pester an account's owner or as the opening move of a takeover attempt.
This incident follows the recent discovery of two malicious PyPI packages targeting cryptocurrency wallets and underlines that malware on the platform is an ongoing threat: anything pulled from PyPI is third-party code and deserves the same scrutiny as any other dependency.
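A practical follow-up is to confirm that none of the three names above made it into a project's requirements or an installed environment. The example below is added here and is not code from the report or from any of the packages it describes; only the three package names come from the page, and the function names and the sample requirements text are constructed for illustration. It normalizes names the way PyPI does (PEP 503: case-insensitive, with `-`, `_` and `.` treated as equivalent), because a lookup on the raw string would miss `Checker_SaGaF` while still matching `checker-SaGaF`.

```python
"""Check requirements-style text and the running environment for the three
PyPI package names reported above.  Added example for this page; only the
package names come from the report, everything else is ours."""
import re
from importlib.metadata import distributions

# Names as reported.  PyPI compares names case-insensitively and treats '-',
# '_' and '.' as the same character, so compare in normalized form (PEP 503).
FLAGGED = {"checker-SaGaF", "steinlurks", "sinnercore"}


def normalize(name: str) -> str:
    """PEP 503 name normalization: collapse runs of -_. to '-' and lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


FLAGGED_NORMALIZED = {normalize(n) for n in FLAGGED}

# A requirement line begins with the project name; extras, version specifiers,
# environment markers and comments may follow it.
_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")


def find_flagged_requirements(requirements_text: str) -> list[str]:
    """Return the (stripped) lines of requirements text that name a flagged package."""
    hits = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("-"):     # blank line or pip option such as -r / -e
            continue
        m = _REQ_NAME.match(line)
        if m and normalize(m.group(1)) in FLAGGED_NORMALIZED:
            hits.append(line)
    return hits


def find_flagged_installed() -> list[str]:
    """Return names of flagged distributions installed in the running interpreter."""
    return sorted(
        dist.metadata.get("Name")
        for dist in distributions()
        if normalize(dist.metadata.get("Name") or "") in FLAGGED_NORMALIZED
    )


# Constructed sample input (hypothetical project, not taken from any real repository).
SAMPLE_REQUIREMENTS = """\
requests>=2.31
Checker_SaGaF==0.1.0   # differs from the reported name only in case and separator
steinlurks[extra]; python_version >= "3.8"
-r other.txt
# sinnercore   (commented out, must not be reported)
numpy
"""

if __name__ == "__main__":
    print("flagged in requirements:", find_flagged_requirements(SAMPLE_REQUIREMENTS))
    print("flagged in environment:", find_flagged_installed())
```

The environment check uses `importlib.metadata`, so it sees whatever is installed for the interpreter that runs it; run it inside each virtual environment or container image you care about, not just on the developer workstation.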