From thehackernews.com
![PyPI Packages Using Cloudflare Tunnels](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEioLScBPxvaWYxBOr1rsfntTQBybECKgpFxx-nGDPk_6IEFmhwQZZ76aF7moU9Hi_S2_w75CFEod-Eel2kD5OhdS_Fd1CYnfCmlWRNXkclQUd1Mf0EtKwb8KK4R-kUkZTZKFI3O3Bgb9zMEylSOk0RQh3dqwz0TbrSuzizWMfynsbG2edK8EdkKUswZ/s728-rj-e3650/cf.png)
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.
The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles.
The malicious code, as isĀ increasingly the case, is concealed in the setup script (setup.py) of these libraries, meaning running a “pip install” command is enough to activate the malware deployment process.