Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs.
All three packages are no longer available on PyPI. The names of the Python packages are below -

checker-SaGaF (2,605 downloads)
steinlurks (1,049 downloads)
sinnercore (3,300 downloads)



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html