PyPI Packages Bypass Firewall Using Cloudflare Tunnel
Six packages that steal information and forward it to hackers were found in PyPI, the official repository for open-source Python projects. The packages also give the attackers remote access, using Cloudflare tunnels to bypass firewall restrictions.
According to Bleeping Computer, the six PyPI packages are “pyrologin”, “easytimestamp”, “discorder”, “discord-dev”, “style.py” and “pythonstyles”. Although the packages have only recorded 83 to 228 downloads so far, the administrators of affected systems should uninstall them as soon as possible. The first packages with malicious code in the current wave are said to have appeared on December 22nd and were discovered by Phylum. All projects have now been blocked.
The stolen data includes cryptocurrency wallets, browser cookies, passwords, Telegram information and Discord tokens. The information is sent to an attacker’s server. A Cloudflare tunnel is also installed on the computer. With it, the hackers can access the PC without the connection being rejected by a firewall. The Trojan can also run console commands on the compromised device and stream the desktop.
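To find out whether a system is affected, the six names listed above can be compared with what is installed and with what requirements files ask for. The following is an added example, not code from Bleeping Computer or Phylum; the function names and the sample requirements text are constructed for illustration, and names are compared after PEP 503 normalization so that spelling variants such as “style-py” or “Discord_Dev” are caught.

```python
import re
from importlib import metadata

# The six package names listed in the article above.
FLAGGED = ("pyrologin", "easytimestamp", "discorder",
           "discord-dev", "style.py", "pythonstyles")

def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of '-', '_', '.' are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

BY_NORMALIZED = {normalize(n): n for n in FLAGGED}

def flagged_in_requirements(text):
    """Return (line_number, listed_name) for requirement lines naming a flagged package."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip blanks and pip options
            continue
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match and normalize(match.group()) in BY_NORMALIZED:
            hits.append((number, BY_NORMALIZED[normalize(match.group())]))
    return hits

def flagged_installed(installed=None):
    """Return sorted (name, version) pairs of installed distributions on the list.

    `installed` defaults to the distributions visible to this interpreter.
    """
    if installed is None:
        installed = [(d.metadata.get("Name"), d.metadata.get("Version"))
                     for d in metadata.distributions()]
    return sorted((n, v) for n, v in installed
                  if n and normalize(n) in BY_NORMALIZED)

# Constructed sample requirements file (names and versions are illustrative).
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
Discord_Dev==0.0.1  # spelled differently, same project name to pip
style-py
discord.py==2.3.2   # unrelated name, must not match
"""

if __name__ == "__main__":
    for number, name in flagged_in_requirements(SAMPLE_REQUIREMENTS):
        print(f"requirements line {number}: {name}")
    for name, version in flagged_installed():
        print(f"installed: {name} {version}")
```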
PyPI requires 2FA for critical projects
Of course, removing the corresponding packages does not prevent further programs with malicious code from being added in the future. PyPI has struggled with malicious content in the past. In the middle of last year, a few packages appeared that steal and forward users’ AWS keys. The administrators then introduced two-factor authentication for critical projects with a large number of downloads, which was not welcomed by all developers, however.