DeepSeek's Popularity Exploited to Push Malicious Packages via PyPI

Summary:
On January 29, 2025, two malicious Python packages, deepseeek and deepseekai, were uploaded to the PyPI repository, masquerading as legitimate client libraries for interacting with the DeepSeek AI API. In the 30 minutes before they were removed, these packages were downloaded 36 times by developers worldwide. While they appeared to provide API access, they were actually designed to harvest user data, system information, and environment variables, potentially exposing sensitive credentials such as API keys for cloud storage services, database credentials, and other authentication tokens.

According to researchers from Positive Technologies, the attacker leveraged Pipedream, an integration platform commonly used by developers, as the command-and-control (C2) server to collect and manage the stolen data. The malicious script embedded within the packages was found to be partially AI-generated, as indicated by auto-generated comments explaining the code, further demonstrating how threat actors are increasingly using AI tools to assist in creating sophisticated malware.

Security Officer Comments:
PyPI administrators responded swiftly to reports of the malicious packages, quarantining them within 30 minutes of their publication. This quick action prevented widespread distribution and minimized potential damage. However, the attack underscores the increasing exploitation of trusted repositories like PyPI, which serves as the default package source for many popular Python package managers.

Suggested Corrections:
Security researchers urge developers to exercise caution when installing newly released packages, particularly those claiming to provide integrations with trending AI services. Verifying the authenticity of package authors, scrutinizing code before execution, and relying on well-established repositories are essential practices to mitigate risks associated with software supply chain attacks.
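
One way to automate the caution advised above, as an added example that is not from the original report or from PyPI: a pre-install gate that holds a package when its name sits close to one you already trust or when its first upload is very recent. The trusted set (including the stand-in name deepseek), the 14-day threshold and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: names your team has vetted; "deepseek" is a stand-in, not from the page.
TRUSTED = {"requests", "numpy", "openai", "deepseek"}
MIN_AGE = timedelta(days=14)  # assumed policy: hold anything younger than this

def normalize(name):
    """PEP 503 form: lowercase, runs of '-', '_', '.' collapsed to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """Return the trusted name that `name` imitates, or None."""
    n = normalize(name)
    if n in TRUSTED:
        return None
    flat = n.replace("-", "")
    for t in sorted(TRUSTED):
        # Short names get a tighter threshold to limit false positives.
        near = edit_distance(flat, t) <= (1 if len(t) < 6 else 2)
        affixed = len(t) >= 6 and t in flat and len(flat) - len(t) <= 4
        if near or affixed:
            return t
    return None

def review(name, first_upload, now):
    """Return the reasons to hold `name` for manual review (empty = pass)."""
    reasons = []
    target = lookalike_of(name)
    if target:
        reasons.append(f"resembles trusted package '{target}'")
    if normalize(name) not in TRUSTED and now - first_upload < MIN_AGE:
        reasons.append(f"first upload under {MIN_AGE.days} days ago")
    return reasons

if __name__ == "__main__":
    now = datetime(2025, 1, 30, tzinfo=timezone.utc)
    up = datetime(2025, 1, 29, tzinfo=timezone.utc)  # constructed; date is the page's
    for pkg in ("deepseeek", "deepseekai", "requests"):
        print(pkg, review(pkg, up, now) or "ok")
```

In practice the first-upload time would come from the package index's metadata rather than a hard-coded value, and a hit should route the install to manual review of the author and source.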


Link(s):
https://www.helpnetsecurity.com/202...xploited-to-push-malicious-packages-via-pypi/
https://global.ptsecurity.com/analy...-deepseekai-published-in-python-package-index