New Case Study: Threat Hunter finds renamed system utilities by file hash to uncover multiple attacks   

Read Case Study


Malicious PyPI Packages Utilizing Cloudflare Tunnels to Bypass Firewalls

January 9, 2023

A malicious campaign has been found targeting the Python Package Index (PyPI) repository. Six malicious packages have been distributing information stealers on developer PCs. Between December 22 and December 31, 2022, Phylum found the now-removed packages, which included pyrologin, disorder, easytimestamp,, discord-dev, and pythonstyles. Running a “pip install” command activated the malware deployment process, meaning the malicious code is concealed in the setup script ( of these libraries. The malware launches a PowerShell script that retrieves a ZIP archive file, installs invasive dependencies such as pydirectinput, pynput, and pyscreenshot, and runs a Visual Basic Script extracted from the archive to deliver more PowerShell code. “These libraries allow one to control and monitor mouse and keyboard input and capture screen contents,” reads a technical report from Phylum. The malicious software can also gather data from Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, Brave, Opera GX, and Vivaldi browsers, including cookies, saved passwords, and cryptocurrency wallet information. However, the attack also tries to download and install cloudflared, a command-line tool for Cloudflare Tunnel, which provides a “secure way to connect your resources to Cloudflare without a publicly routable IP address.”

Analyst Notes

This tunnel technique is a unique tactic used by the threat actor. The idea is to leverage the tunnel to remotely access the compromised computer via a Flask-based app, which contains a trojan dubbed xrat (but codenamed poweRAT by Phylum). The malicious program allows threat actors to execute arbitrary Python code, download and run remote files on the host, exfiltrate files and entire directories, run shell commands, and more. The Flask application supports a “live” functionality as well. It takes snapshots of the system and listens to mouse and keyboard click events to gather any sensitive data input by the victim. “This thing is like a RAT on steroids. It has all the basic RAT capabilities built into a nice web GUI with a rudimentary remote desktop capability and a stealer to boot,” stated Phylum. The findings offer another view into how attackers’ strategies for launching supply chain attacks against open-source package repositories are constantly evolving.