In an age where even hackers are disillusioned by excessive Zoom meetings, a new trend has emerged among cybercriminals: using Discord as a command-and-control (C2) channel. Because honestly, who wouldn’t prefer the soothing chaos of Discord pings over another email thread about ‘urgent’ TPS reports?

Cybersecurity researchers have uncovered an alarming number of malicious packages across npm, PyPI, and RubyGems ecosystems. These packages are not stealing passwords to buy NFTs, but are instead sending developer data directly to Discord. We assume this is just the hackers’ way of saying, ‘We’re cool, we promise! Check out our Discord server for exclusive stolen data content.’

Thankfully, using Discord webhooks means these tech-savvy pirates aren’t burdened by bot user accounts or any of that pesky authentication nonsense. Because when you’re stealing developer data for a living, the last thing you want is more passwords to remember. After all, there’s a fine line between being a savvy data thief and just another victim of today’s relentless password fatigue.