To make things worse than they already are for DeepSeek, hackers are found flooding the Python Package Index (PyPI) repository with fake DeepSeek packages carrying malicious payloads.According to a discovery made by Positive Expert Security Center (PT ESC), a campaign was seen using this trick to dupe unsuspecting developers, ML engineers, and AI enthusiasts looking to integrate DeepSeek into their projects.”On January 29, 2025, a malicious user ‘bvk’ uploaded two packages: deepseeek and deepseekai,” PT ESC researchers said in a blog post. “Functions used in these packages are designed to collect user and computer data and steal environment variables.”PyPi is the official repository for Python packages that the leading Python package managers like pip, piping, and poetry, use. Positive Technologies researchers observed the payloads, that these packages ran on execution, were info-stealing binaries, extracting environment variables that include sensitive data like API keys for S3, database credentials, and infrastructure access permissions.According to the researchers, the authors of the packages used Pipedream, a cloud-based integration and automation platform for developers, as the C2 server to receive stolen data.There were indications of inexperience within the scripts used in the payload, including the use of an AI assistant for writing the malicious code which the researchers could tell from the characteristic comments explaining almost each line of code.Additionally, the account “bvk” used to upload these packages had been dormant since its creation in June 2023. This fact, itself, should have been a telling sign for developers, believes Mike McGuire, senior security solutions manager at Black Duck.In a comment to CSO, McGuire said, “In their eagerness to leverage DeepSeek in their tasks, many developers missed the “red flag” that they were downloading packages from an account with a limited, poor reputation, and had their environment variables and secrets compromised as a result.”In addition to avoiding dependencies with security vulnerabilities, packages should also be checked for poor history, concerning changes from one version to the next, questionable owners, and poor community support, before inclusion, McGuire added.
Although not involved, DeepSeek could see impact
While the campaign was not directly linked to any DeepSeek operations or security vulnerabilities, it is quite clear that threat actors moved to use the hype around it.”While this attack involved the name DeepSeek, it’s important to note that this had nothing to do with the company, or with AI at all,” McGuire noted. “Rather, it has everything to do with attackers seeing opportunity in the popularity of AI tools in the development community.”The packages were “promptly” reported to PyPI administrators, which have since been deleted. They were, however, already downloaded 36 times using pip and the bandersnatch mirroring tool, researchers said.Additionally, they picked up 186 downloads using the browser, the request library, and other tools. DeepSeek is sure to receive some brand pushback from this, in addition to all that has been going on with the popular Chinese LLM competitor in terms of cyberattacks, leaks, and criticism.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3816397/hackers-impersonate-deepseek-to-distribute-malware.html
