Firewalls bypassed by CloudFlare Tunnels created by Malicious PyPI Packages (12th January 2023)

Ref# AL2023_05 | Date: Jan 12th 2023


Six malicious packages were discovered on the Python Package Index (PyPI) that used Cloudflare Tunnel to get over firewall constraints for remote access while also installing data-stealing and RAT (remote access trojan) malware. 


The malicious packages try to run shell commands, collect typed information and steal sensitive user data stored in browsers, including cookies, passwords saved, and cryptocurrency wallet information. 

The Phylum research team, which keeps a constant eye on PyPI for new campaigns, found the six packages. 

According to the researchers, the package repository first saw these malicious extensions on December 22. The threat actors kept uploading new packages right up until the end of the year. 

The following are the six malicious packages that Phylum detected: 

  • pyrologin  

  • easytimestamp  

  • discorder  

  • discord-dev  


  • pythonstyles 

Although PyPI has now removed all the packages, people who downloaded them must manually remove what is left of the infections, most notably the persistence mechanisms. 

How it works 

Information stealer  

There is a base64-encoded string in the installer ( for these files that decode to a PowerShell script. 

To avoid developer discovery, this script sets the “-ErrorAction SilentlyContinue” flag so that the script will silently continue even if it encounters errors. 

The PowerShell script will download a ZIP file from a distant resource, unzip it on a local temporary directory, and then install a series of dependencies and extra Python packages that allow for remote control and screenshot taking. 

The packages “flask” and “flask cloudflared” are silently installed at that phase. 

One of the ZIP files, “server.pyw,” starts four threads: one to ping a proxied onion site, one to start a keyboard logger and one to harvest data from the compromised machine. The first thread establishes persistence between system reboots. 

Cryptocurrency wallets, browser cookies and passwords, Telegram data, Discord tokens and other information are among the stolen data. A ping to the onion site verifies that the info-stealing stage has been successfully completed before the attackers receive this data by zipping it up and sending it to them via transfer[.]sh. 

Remote access trojan  

To install a Cloudflare Tunnel client on the victim”s computer, the script now executes “,” which is also present in the ZIP bundle. 

Customers, including those with free accounts, can use Cloudflare Tunnel to establish a bidirectional tunnel from a server to the Cloudflare infrastructure. 

By using this connection, web servers can immediately become accessible to the whole public via Cloudflare without having to set up firewalls, open ports or deal with other routing complications. 

Even when a firewall is in place to safeguard that device, the threat actors use this tunnel to remotely access a remote access trojan that is currently operating as the “Flask” script on the infected device. 

The attackers” “xrat” Flask app can exfiltrate files and folders, run shell commands, download remote files and execute them on the host, exfiltrate files and entire directories, and even run arbitrary python code. 

This RAT also offers a one-frame-per-second “live” remote desktop broadcast that starts up as soon as the victim enters something or moves their mouse. 


These malicious packages were removed from PyPI but if these malicious packages infected you, it is recommended that you perform an antivirus scan and then change all passwords at websites you frequently visit. 

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary. 

PDF Download: Malicious PyPI Packages bypass Firewalls.pdf