Malicious Packages Disguised as DeepSeek bY Python Package Index
Security researchers have discovered malicious Python Package Index (PyPi) packages masquerading as DeepSeek-related tools, containing harmful infostealers designed to steal sensitive information. The deceptive packages, labeled “deepseekai” and “deepseeek,” were identified by cybersecurity experts at Positive Technologies, who warned that similar threats may exist on other platforms.
The attack primarily targeted developers, machine learning engineers, and AI enthusiasts who might be interested in integrating DeepSeek into their projects. The malicious packages were crafted to appear legitimate, tricking users into installing them without suspicion. According to researchers, these packages had been planted in PyPi by an attacker using the account name “bvk,” which had remained inactive since its creation in June 2023 before launching this campaign on January 29.
Infostealers Designed to Exploit Developers
Python Package Index Said Once installed, both “deepseekai“ and “deepseeek” deployed infostealers capable of extracting sensitive credentials, including API keys, database login details, and system permissions. This type of attack poses a significant risk, as stolen credentials can be exploited for further intrusions, financial fraud, or unauthorized access to critical systems.
Although PyPi has removed these malicious packages, researchers found that they had already been downloaded 36 times via the pip package manager and Bandersnatch mirroring tool, and another 186 times through direct browser downloads. These numbers highlight the growing security risks faced by developers who rely on open-source repositories for software dependencies.
Security Experts Urge Caution
Cybersecurity professionals caution that attackers frequently exploit trending topics and widely used tools to distribute malware. Tim Erlin, vice president of product at Wallarm, emphasized the importance of skepticism when downloading software from repositories like PyPi. “Sometimes API keys aren’t leaked, they’re just plain stolen,” Erlin stated. “This incident is a good example of attackers taking advantage of the prevailing news cycle. Anytime you’re doing something popular, whether clicking on a link or installing a PyPi package, it’s best to approach the task with a healthy dose of skepticism.”
Experts advise developers to verify the legitimacy of packages before installation, use security tools to detect malicious dependencies, and stay vigilant against emerging threats in open-source ecosystems.
