"Malicious PyPI Packages Create Cloudflare Tunnels to Bypass Firewalls"

Six malicious packages were discovered on the Python Package Index (PyPI) that install information-stealing and Remote Access Trojan (RAT) malware and use Cloudflare Tunnel to circumvent firewall rules for remote access. The malicious packages aim to steal confidential user information stored in browsers, execute shell commands, and capture typed secrets via keyloggers. The six packages were identified by the Phylum research team, which closely watches PyPI for the emergence of new malicious campaigns. According to the researchers, the malicious packages first appeared in the package repository on December 22, and the threat actors continued uploading more packages until the final day of the year. All of the packages have been removed from PyPI. However, those who downloaded them must manually remove the infection's traces, specifically the persistence methods. The malicious packages are pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles. This article continues to discuss the discovery of six malicious packages deploying information stealers on developer systems.

Bleeping Computer reports "Malicious PyPI Packages Create Cloudflare Tunnels to Bypass Firewalls"
