Security firm Phylum discovered six malicious packages on the Python Package Index (PyPI). The packages installed info-stealing RAT (remote access trojan) malware using Cloudflare Tunnel to bypass firewalls.

The packages attempted to steal sensitive user information from browsers, run shell commands and use keyloggers to obtain typed secrets. The first malicious packages were detected in the package repository on December 22, with more coming in until the end of the year. Phylum’s team frequently monitors PyPI for emerging threats.

The six malicious packages found were pyrologin (165 downloads), easytimestamp (141), discorder (83), discord-dev (228), (193) and pythonstyles (130). All packages found have been removed from PyPI. Users who downloaded them will have to manually remove the infection, including persistence mechanisms. 

How the packages work

A PowerShell script is included in a base64-encoded string in the installer ( The script downloads a ZIP file from a remote resource, unzips it into a local temp directory, installs dependencies and retrieves additional Python packages for remote control and screenshot capturing.

It also installs two packages called ‘flask’ and ‘flask_cloudflared’. One of the files in the ZIP, ‘server.pyw’, launches threads that establish persistence, ping a proxied onion site, start a keystroke logger and steal data from the compromised machine. 

Stolen data includes cryptocurrency wallets, browser cookies, passwords, Discord tokens and more. Data is transmitted to the attackers through ‘transfer[.]sh’. The onion site is pinged upon completion.
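
The following added example, which is not Phylum's tooling or code from the packages, shows a defender-side static check for the installer pattern described above: it parses an installer's source without executing it, decodes long base64 string literals as UTF-8 and UTF-16LE, and reports those whose decoded text contains indicators taken from this article. The indicator list, the function names and the sample installer are assumptions constructed for illustration.

```python
import ast
import base64
import binascii
import re

# Indicator substrings taken from the behaviour the article describes.
INDICATORS = ("powershell", "invoke-webrequest", "expand-archive",
              "flask_cloudflared", "transfer.sh", ".zip")
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long base64-looking literal

def decode_candidates(blob):
    """Yield plausible text decodings of a base64 literal."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return
    # PowerShell -EncodedCommand text is UTF-16LE; other encoded scripts use UTF-8.
    for enc in ("utf-8", "utf-16-le"):
        try:
            yield raw.decode(enc)
        except UnicodeDecodeError:
            continue

def scan_installer(source):
    """Return (line, indicators) for string literals that decode to script text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Constant) and isinstance(node.value, str)):
            continue
        literal = "".join(node.value.split())  # tolerate wrapped base64
        if not B64_RE.fullmatch(literal):
            continue
        hits = sorted({i for text in decode_candidates(literal)
                       for i in INDICATORS if i in text.lower()})
        if hits:
            findings.append((node.lineno, hits))
    return findings

# Constructed sample: harmless stand-in for an installer carrying an encoded script.
_PS = "Invoke-WebRequest -Uri https://example.invalid/pkg.zip -OutFile $env:TEMP\\pkg.zip"
SAMPLE_SETUP = (
    "from setuptools import setup\n"
    f"payload = '{base64.b64encode(_PS.encode('utf-16-le')).decode()}'\n"
    "setup(name='constructed-demo', version='0.0.1')\n"
)

if __name__ == "__main__":
    print(scan_installer(SAMPLE_SETUP))
```

Because the check only parses the source, it can be run against an unpacked sdist before anything is installed; a hit is a reason to read the decoded text, not proof of malice.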

Evolving risk

The discovery of malicious packages on PyPI demonstrates the platform’s evolving risk. Removing packages and banning associated accounts does not stop threat actors, who can simply return under different names. Infected developers have to manually remove malicious packages and traces from their devices.
