Infostealer Malware Masquerades as DeepSeek AI Tools on PyPI


Cybercriminals are exploiting the growing popularity of DeepSeek AI by distributing malicious infostealer packages on the Python Package Index (PyPI). These deceptive packages were designed to impersonate legitimate developer tools for the AI platform.

Malicious Packages Disguised as DeepSeek AI Tools

The fake packages, named "deepseeek" and "deepseekai", were crafted to mimic DeepSeek, a Chinese artificial intelligence startup known for its R1 large-language model. Given DeepSeek's rapid rise in prominence, attackers sought to capitalize on its reputation.

Notably, the malicious packages were uploaded from an aged PyPI account, created in June 2023, that had no prior activity, a tactic threat actors commonly use to avoid the scrutiny applied to freshly registered accounts.
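The two naming patterns described above, a doubled letter ("deepseeek") and the brand plus a plausible suffix ("deepseekai"), can be caught mechanically before installation. The following Python check is an added example, not code from the Positive Technologies report or from any DeepSeek project; the watched brand list, the suffix list and the allowlist are constructed assumptions that a team would replace with its own vetted names.

```python
from __future__ import annotations
import re
from typing import Iterable

# Constructed watchlist: brand names that should only ever appear as vetted
# package names in this organisation's dependency files (assumption).
WATCHED_BRANDS = {"deepseek"}
COMMON_SUFFIXES = ("ai", "api", "sdk", "tools", "py", "client")

def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches letter doubling/dropping such as 'deepseeek'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(name: str) -> str:
    """PEP 503 name normalisation: lower-case, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def lookalike_reason(name: str, allowlist: set) -> str | None:
    """Explain why `name` resembles a watched brand, or return None if it is clean."""
    n = normalize(name)
    if n in allowlist:
        return None
    core = n.replace("-", "")
    for brand in WATCHED_BRANDS:
        if levenshtein(core, brand) <= 1:
            return f"{name!r} matches or is within one edit of brand {brand!r}"
        for suffix in COMMON_SUFFIXES:
            stem = core[: -len(suffix)] if core.endswith(suffix) else None
            if stem is not None and levenshtein(stem, brand) <= 1:
                return f"{name!r} is brand {brand!r} plus suffix {suffix!r}"
    return None

def scan_requirements(lines: Iterable[str], allowlist: set = frozenset()) -> list:
    """Scan requirements.txt-style lines; return (package, reason) for each hit."""
    hits = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # skip blanks and pip options
            continue
        pkg = re.split(r"[<>=!~\[; ]", line, maxsplit=1)[0]
        reason = lookalike_reason(pkg, allowlist)
        if reason:
            hits.append((pkg, reason))
    return hits

# Constructed sample requirements file, including the two names from the campaign.
SAMPLE = ["requests==2.32.0", "deepseeek==0.0.8", "deepseekai==0.0.8", "numpy"]
```

Running `scan_requirements(SAMPLE)` flags `deepseeek` and `deepseekai` and leaves `requests` and `numpy` alone; a vetted name goes in the allowlist so the check stays quiet for it.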

Infostealer Malware Targeting Developers

Researchers from Positive Technologies, who uncovered and reported the campaign, found that the fraudulent packages contained infostealer malware designed to extract sensitive information from developers who installed them.

Once executed, the malware harvested:

  • User and system information

  • Environment variables, including API keys

  • Database credentials

  • Cloud infrastructure access tokens

The stolen data was then transmitted to a command-and-control (C2) server hosted on Pipedream, a legitimate automation platform, at eoyyiyqubj7mquj.m.pipedream[.]net.

Attack Execution

The malicious payload was embedded within the packages and executed when users ran commands using deepseeek or deepseekai in their command-line interface.

According to the Positive Technologies report: "Functions used in these packages are designed to collect user and computer data and steal environment variables." Since these variables often contain highly sensitive credentials, such as API keys for cloud storage and database access, the attack posed a significant security risk.

Impact and Developer Exposure

The malicious packages, deepseeek 0.0.8 and deepseekai 0.0.8, were uploaded to PyPI on January 29, 2025, within a span of just twenty minutes.

Despite being swiftly reported and removed from PyPI, the packages had already been downloaded 222 times, affecting developers primarily in:

  • United States (117 downloads)

  • China (36 downloads)

  • Russia, Germany, Hong Kong, and Canada (remaining cases)
