CloudFlare Tunnels are malicious PyPi packages that bypass firewalls

Six malware packages were discovered on PyPI (the Python Package Index) installing information-stealing and remote access trojans. They used Cloudflare Tunnel as a bypass to firewall restrictions.

These malicious programs are designed to access sensitive information in web browsers and run shell commands to extract typed secrets.

These six packages were found by the who monitors PyPI closely for new campaigns.

Researchers report that the malicious extensions appeared first on the package repository’s December 22. Others were uploaded by the threat actors until the end of the year.

These are six of the malicious packages that Phylum found:

  • Pyrologin Downloads
  • Disorder – 83 Downloads
  • Discord-dev 228 Downloads
  • pythonstyles – 130 downloads

PyPI has now removed all packages, however, those who downloaded the infections will need to manually remove the remaining infection components, including the persistence mechanism.

Information-stealer functionality

These files contain a executable that encodes a base64-encoded text string and decodes it to a PowerShell program.

The script set the “-ErrorAction SilencingContinue” flag to ensure that the script continues silently, even when it encounters errors. This is done in order to prevent developers from detecting the script.

PowerShell will extract a ZIP file from remote resources, then unzip the zip on a temp directory. Next, it will install dependencies and other Python packages to make remote control possible and capture screenshots.

The stage referred to as ‘flask_cloudflared’ or ‘flask_cloudflared’ contains two additional packages that are silently installed.

The ZIP file “server.pyw” launches four threads. One to maintain persistence between reboots; one to ping an proxied onion site; one to launch a keystroke logger and one for data theft from compromised machines.

This data includes browser cookies, passwords and cryptocurrency wallets as well as Telegram data and Discord tokens. These data are zipped and sent via transfer[. The attackers are notified by sh, and pings to the onion website confirm the successful completion of the information-stealing process.

Fourth thread performs the data-stealing


Remote access trojan also available

Now, the script runs “”, also found in the ZIP archive. This is used to install the client onto the victim’s computer.

Cloudflare Tunnel allows customers to set up a bidirectional tunnel between a Cloudflare server and a Cloudflare infrastructure.

Cloudflare’s connection allows web servers quickly to become public via Cloudflare. This is possible without the need for firewalls or opening ports.

This tunnel is used by threat actors to remotely access the remote access trojan on infected devices as the Flask script. Even though firewalls protect that device,

Flask, commonly known as “xrat” and used to steal victim’s username, IP address and execute shell commands on breached machines, extract files and directories and run Python code. They can also download additional payloads and launch them.

The RAT supports remote desktop streaming at one frame per second. This activates when the victim type or moves their mouse.

Live remote feed


The PyPI has a new collection of apps that proves the threat to the platform is evolving. They are becoming more sophisticated and powerful.

However, banning accounts who uploaded the packages to PyPI and removing them from the system does not prevent threat actors. They can still return to the action with new identities.

Additionally, the apps can still be installed on infected devices even after they have been removed from PyPi. Developers will need to manually remove them.

It is highly recommended to run an antivirus scan immediately after downloading these malware packages. Next, change any passwords on websites that you frequent.