Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.
The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles.
The malicious code, as is increasingly the case, is concealed in the setup script (setup.py) of these libraries, meaning running a “pip install” command is enough to activate the malware deployment process.
The malware is designed to launch a PowerShell script that retrieves a ZIP archive file, install invasive dependencies such as pynput, pydirectinput, and pyscreenshot, and run a Visual Basic Script extracted from the archive to execute more PowerShell code.
“These libraries allow one to control and monitor mouse and keyboard input and capture screen contents,” Phylum said in a technical report published last week.
The rogue packages are also capable of harvesting cookies, saved passwords, and cryptocurrency wallet data from Google Chrome, Mozilla Firefox, Microsoft Edge, Brave, Opera, Opera GX, and Vivaldi browsers.
But in what’s a novel technique adopted by the threat actor, the attack further attempts to download and install cloudflared, a command-line tool for Cloudflare Tunnel, which offers a “secure way to connect your resources to Cloudflare without a publicly routable IP address.”
The idea, in a nutshell, is to leverage the tunnel to remotely access the compromised machine via a Flask-based app, which harbors a trojan dubbed xrat (but codenamed poweRAT by Phylum).
The malware enables the threat actor to run shell commands, download remote files and execute them on the host, exfiltrate files and entire directories, and even run arbitrary python code.
“This thing is like a RAT on steroids,” Phylum said. “It has all the basic RAT capabilities built into a nice web GUI with a rudimentary remote desktop capability and a stealer to boot!”
The findings are yet another window into how attackers are continuously evolving their tactics to target open source package repositories and stage supply chain attacks.
Late last month, Phylum also disclosed a number of fraudulent npm modules that were found exfiltrating environment variables from the installed systems.