@www.helpnetsecurity.com - 29d
Two malicious Python packages, named "deepseeek" and "deepseekai", were recently discovered on the Python Package Index (PyPI). These packages were designed to mimic client libraries for the DeepSeek AI API. Researchers found, however, that they contained malicious code intended to collect user and computer data, along with environment variables that could expose sensitive information such as API keys and database credentials. The packages were quickly reported to and quarantined by PyPI administrators, but were downloaded 36 times during their brief availability.

These malicious packages used Pipedream, an integration platform, as a command-and-control server to receive stolen data. The incident highlights the increasing trend of attackers exploiting the popularity of AI tools like DeepSeek and the growing use of AI in creating malicious payloads. Researchers advise developers to exercise caution when using newly released packages, especially those posing as wrappers for popular services, and to verify the authenticity of software packages before installation.
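The advice above is to check a package's authenticity before installing it. One cheap pre-install screen is to compare every requested name against the names a team actually depends on and flag near-misses such as "deepseeek" or "deepseekai". The following script is an added example written for this page, not code from Help Net Security or from the researchers; the watchlist and the sample requirements lines are constructed, and whether a package with the exact name "deepseek" exists on PyPI is an assumption.

```python
"""Typosquat screen for package names (added example, not from the article).

Flags candidate names that are suspiciously close to names on a watchlist
but are not equal to them. Matching uses PEP 503 name normalization plus
Levenshtein edit distance, with an affix check for names such as
"deepseek-ai" that merely wrap a watched name.
"""
import re

# Constructed watchlist: names the organisation expects to install.
# That "deepseek" itself is a legitimate PyPI name is an assumption.
WATCHLIST = ["deepseek", "requests", "numpy"]


def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_matches(candidate: str, watchlist=WATCHLIST, max_distance: int = 2):
    """Return (watched_name, distance, reason) for each watched name the
    candidate resembles. An exact (normalized) match is not a typosquat."""
    cand = normalize(candidate)
    hits = []
    for watched in watchlist:
        w = normalize(watched)
        if cand == w:
            continue
        d = levenshtein(cand, w)
        if d <= max_distance:
            hits.append((w, d, "edit-distance"))
        elif cand.startswith(w) or cand.endswith(w):
            hits.append((w, d, "affix"))
    return hits


def screen_requirements(lines):
    """Screen requirements.txt-style lines; returns {name: hits} for flagged names."""
    flagged = {}
    for line in lines:
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        # Package name ends at the first version specifier, extra or marker.
        name = re.split(r"[<>=!~\[; ]", line, maxsplit=1)[0]
        hits = typosquat_matches(name)
        if hits:
            flagged[name] = hits
    return flagged


if __name__ == "__main__":
    # Constructed sample input using the two names reported in the article.
    sample = ["deepseeek==0.1", "deepseekai", "requests>=2.0", "numpy  # fine"]
    for name, hits in screen_requirements(sample).items():
        print(f"{name}: {hits}")
```

Run it before `pip install -r requirements.txt` in CI and fail the job on any flagged name. The distance threshold of 2 is tuned for short names; for a long watchlist, raise it only with an allowlist of known-good near-neighbours, or the screen will start flagging legitimate forks.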


References:
  • Help Net Security: DeepSeek's popularity exploited to push malicious packages via PyPI (www.helpnetsecurity.com)
Classification:
  • HashTags: #PyPI #MaliciousPackages #SoftwareSupplyChain
  • Target: Python developers and users
  • Product: Python packages
  • Feature: Software package management
  • Malware: deepseeek, deepseekai
  • Type: Malware
  • Severity: Medium