Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls


PyPI Packages Using Cloudflare Tunnels

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.

The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev,, and pythonstyles.

The malicious code, as is increasingly the case, is concealed in the setup script ( of these libraries, meaning running a “pip install” command is enough to activate the malware deployment process.

Read more…