Over the past few years, Sonatype has consistently been on top of discovering malicious packages infiltrating open source ecosystems like npm, PyPI, and GitHub. Among various examples, this has included Discord token and credit card stealers previously caught on the npm registry by our automated malware detection system, Nexus Firewall.
Article Link: Malicious Roblox Cookie and Discord Token Stealers Hit PyPI Repository