Threat actors have leveraged Python Package Index (PyPI) repository packages that abuse TikTok and Instagram APIs to check the validity of pilfered account credentials, according to an analysis from Socket.
The checker-SaGaF package has features that spoof legitimate app behavior to establish the existence of accounts, while the steinlurks package contains almost half a dozen functions aimed at Instagram that allow covert compromise.
The sinnercore package also harnesses old app endpoints to prompt password reset flows on Instagram. Socket has urged organisations and individuals to improve their awareness of leaked credentials, update passwords regularly and review API responses thoroughly.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.