Security News > 2023 > January > Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls
Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access.
The malicious packages attempt to steal sensitive user information stored in browsers, run shell commands, and use keyloggers to steal typed secrets.
The six packages were discovered by the Phylum research team, who closely monitors PyPI for emerging campaigns.
Cloudflare Tunnel is a service offering that allows customers, even free accounts, to create a bidirectional tunnel from a server directly to the Cloudflare infrastructure.
Removing the packages and banning the accounts that uploaded them on PyPI does not stop the threat actors, as they can return to action using new names.
If these malicious packages infected you, it is strongly recommended that you perform an antivirus scan and then change all passwords at websites you frequently visit.