A Dangerous Tool Hiding in Plain Sight
A malicious Python package named ‘automslc’ has been silently enabling large-scale music piracy on the Deezer streaming service. Since its release on the Python Package Index (PyPI) in 2019, this package has been downloaded over 100,000 times, allowing users to illegally download high-quality tracks without restriction.
The cybersecurity firm Socket uncovered the package, revealing that it hardcodes stolen Deezer credentials to scrape metadata and access full-length audio files. While some might view this as a simple piracy tool, automslc raises serious concerns due to its command-and-control (C2) infrastructure, which could potentially expose users to further malware risks.
At the time of writing, the package remains available on PyPI, posing an ongoing security and legal risk.
How automslc Enables Piracy
The automslc package authenticates to Deezer’s API with either hardcoded stolen login credentials or credentials supplied by the user. Once authenticated, the script:
1. Requests track metadata from Deezer’s database.
2. Extracts decryption tokens (such as ‘MD5_ORIGIN’) used for generating streaming URLs.
3. Bypasses Deezer’s public preview limitations, which typically restrict users to 30-second snippets.
4. Downloads entire high-quality audio files directly to the user’s device for offline listening and distribution.
This process violates Deezer’s terms of service and copyright laws, effectively enabling large-scale piracy. Unlike standalone piracy tools, automslc operates using C2 infrastructure, suggesting an active monitoring system controlled by unknown threat actors.
Investigators linked the package to the aliases “hoabt2” and “Thanh Hoa”, but their real identities remain unclear.
If you are using automslc, be aware that you are engaging in illegal activity that could have serious legal consequences. Additionally, due to its C2-based operation, the package could be repurposed for more malicious activities in future updates.
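The two traits that make automslc more than a downloader, hardcoded credentials and a fixed remote endpoint, are also what a reviewer can look for statically before trusting a package. The script below is an added example written for this page, not code from the automslc package or from Socket’s analysis. It walks a module’s AST, flags credential-like variable names or dict keys assigned string literals, flags any string literal containing a URL or IPv4 address, and combines the two into a triage verdict. The sample module it scans is constructed here; its hostnames, address and credential value are made up.

```python
"""Static triage of a Python module for hardcoded credentials and
hardcoded network endpoints.

Added example, not code from the automslc package or from Socket's
analysis.  SAMPLE_MODULE is constructed for this demo; every hostname,
address and credential value in it is made up."""
import ast
import re
from dataclasses import dataclass

# Variable and dict-key names that usually hold secrets.
CREDENTIAL_NAME = re.compile(r"(pass(word|wd)?|secret|token|api_?key|cred)",
                             re.IGNORECASE)
# String literals that look like a URL or a bare IPv4 address.
ENDPOINT = re.compile(r"https?://[^\s'\"]+|\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Finding:
    kind: str    # "credential" or "endpoint"
    line: int    # line in the scanned source
    detail: str  # variable/key name, or the endpoint literal


def _str(node):
    """Return the value of a string literal node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def scan_source(source: str) -> list[Finding]:
    """Parse one module and report hardcoded credentials and endpoints."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # NAME = "literal"  with a credential-like NAME
        if isinstance(node, ast.Assign) and _str(node.value):
            for target in node.targets:
                if isinstance(target, ast.Name) and CREDENTIAL_NAME.search(target.id):
                    findings.append(Finding("credential", node.lineno, target.id))
        # {"password": "literal"}  with a credential-like key
        elif isinstance(node, ast.Dict):
            for key, value in zip(node.keys, node.values):
                name = _str(key) if key is not None else None
                if name and CREDENTIAL_NAME.search(name) and _str(value):
                    findings.append(Finding("credential", node.lineno, name))
        # any string literal that embeds a URL or IPv4 address
        # (ast.walk visits the literal on its own, so an assignment's
        # right-hand side is still checked here)
        elif _str(node):
            for match in ENDPOINT.finditer(node.value):
                findings.append(Finding("endpoint", node.lineno, match.group(0)))
    return sorted(findings, key=lambda f: (f.line, f.kind))


def verdict(findings) -> str:
    """Flag a module that both carries a secret and talks to a fixed host."""
    kinds = {f.kind for f in findings}
    if {"credential", "endpoint"} <= kinds:
        return "suspicious: hardcoded credentials plus hardcoded endpoint"
    if kinds:
        return "review: " + ", ".join(sorted(kinds))
    return "clean"


# Constructed sample module; not the real package.
SAMPLE_MODULE = '''\
import requests

API_BASE = "https://api.example.invalid/gateway.php"
_CREDS = {"email": "user@example.invalid", "password": "hunter2-made-up"}
REPORT_TO = "203.0.113.10"

def login(session):
    return session.post(API_BASE, data=_CREDS)
'''

if __name__ == "__main__":
    found = scan_source(SAMPLE_MODULE)
    for f in found:
        print(f"line {f.line:>3}  {f.kind:<10} {f.detail}")
    print(verdict(found))
```

Run it against each `.py` file in an unpacked sdist or wheel before installing. The check is deliberately crude (a name regex plus a literal regex), so treat its output as a prompt for manual review rather than a verdict on its own; a package that legitimately talks to a fixed API host will show endpoint findings without credential findings.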
What Undercode Says: A Deeper Look at the Threat
While software piracy is nothing new, automslc presents a unique cybersecurity risk beyond just illegal music downloads. Here’s why this package is more dangerous than it appears:
1. Malicious Intent Hidden Under a Piracy Tool
Most piracy tools operate independently, but automslc uses a centralized command-and-control structure. This suggests that the package’s creator is actively managing and monitoring the piracy network. In future updates, the developer could easily introduce:
– Ransomware or spyware that compromises
– Credential theft, putting user accounts at risk.
– Botnet-like functionality, using unsuspecting users for larger cyberattacks.
2. Legal and Ethical Risks
Downloading music illegally exposes users to potential copyright lawsuits, especially since the package enables mass downloads at scale. Furthermore, distributing copyrighted music can lead to criminal charges, depending on the jurisdiction.
3. Trust Issues with PyPI
PyPI is one of the most widely used repositories for Python developers, but automslc’s presence since 2019 raises serious concerns about security oversight. If a piracy-enabling package can stay undetected for years, it raises the question:
– How many other malicious or data-stealing packages exist on PyPI?
– What steps should the Python community take to improve package vetting?
4. Impact on Deezer and Other Streaming Services
Deezer, like other streaming platforms, relies on subscription revenue to support artists and maintain its service. Large-scale piracy tools like automslc undermine this business model by enabling:
– Revenue loss due to bypassed subscriptions.
– Increased security costs as companies fight API abuse.
– Potential legal repercussions for platforms that fail to detect or mitigate piracy attempts.
5. The Role of Open-Source Ethics
The open-source community thrives on transparency and trust, but tools like automslc create ethical dilemmas. Developers must ask themselves:
– Should platforms like PyPI enforce stricter code audits before allowing public distribution?
– How can the community identify and report similar threats more efficiently?
Conclusion: More Than Just a Piracy Tool
Automslc is not just an illegal downloader—it’s a cybersecurity risk. Its C2 infrastructure hints at potential future threats, and its continued availability on PyPI is a wake-up call for security researchers.
Users should immediately remove automslc if installed and stay cautious when downloading unverified packages from PyPI. Meanwhile, streaming platforms and security firms must work together to detect and dismantle similar threats before they escalate.
References:
Reported By: https://www.bleepingcomputer.com/news/security/pypi-package-with-100k-installs-pirated-music-from-deezer-for-years/