Malicious PyPI Package Automslc: A Deezer Music Piracy Operation

2025-03-02

Researchers have uncovered a malicious PyPI package, automslc, that enables coordinated, unauthorized music downloads from Deezer. Downloaded over 100,000 times, it uses hardcoded credentials and a C2 server (54.39.49[.]17:8031) to bypass Deezer's API restrictions and download full tracks, violating Deezer's terms of service. The threat actor, using multiple accounts and a GitHub profile, orchestrates a distributed piracy operation. The case highlights the importance of software supply chain security and the need for developers and organizations to protect themselves against such attacks.
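
A defender-side check for the indicators named above, as an added example that is not part of the original article: it audits a site-packages-style directory for the automslc distribution and flags hardcoded IP:port endpoints and credential-like string assignments in Python sources. The credential regex, the function names and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators from the article (C2 address refanged for matching only).
BLOCKED_PACKAGES = {"automslc"}
C2_ENDPOINTS = {"54.39.49.17:8031"}

ENDPOINT_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{2,5})\b")
# Heuristic (assumption): a string literal assigned to a credential-like name.
CRED_RE = re.compile(
    r"(?i)\b(\w*(?:password|passwd|secret|token)\w*)\s*=\s*['\"][^'\"]{4,}['\"]")


def scan_source(text):
    """Return (kind, value) findings for one source file's text."""
    findings = []
    for ip, port in ENDPOINT_RE.findall(text):
        endpoint = f"{ip}:{port}"
        kind = "known-c2" if endpoint in C2_ENDPOINTS else "hardcoded-endpoint"
        findings.append((kind, endpoint))
    findings += [("hardcoded-credential", n) for n in CRED_RE.findall(text)]
    return findings


def audit_site_packages(root):
    """Report blocked distributions and per-file findings under root."""
    root = Path(root)
    report = {"blocked": [], "findings": {}}
    for meta in sorted(root.glob("*.dist-info")):
        if meta.name.split("-")[0].lower() in BLOCKED_PACKAGES:
            report["blocked"].append(meta.name)
    for py in sorted(root.rglob("*.py")):
        hits = scan_source(py.read_text(errors="replace"))
        if hits:
            report["findings"][py.relative_to(root).as_posix()] = hits
    return report


def demo():
    """Build a constructed site-packages tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "automslc-0.0.0.dist-info").mkdir()  # constructed version
        (root / "automslc").mkdir()
        # Constructed sample; not the real package's code.
        (root / "automslc" / "client.py").write_text(
            'PASSWORD = "example-only"\nSERVER = "http://54.39.49.17:8031"\n')
        return audit_site_packages(root)
```

Point `audit_site_packages` at a real environment's site-packages directory to run the same check; generic endpoint and credential hits are leads for manual review, not verdicts.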