SecurityWeek

Developers Targeted With Malware Disguised as DeepSeek Package

Python developers looking to integrate DeepSeek into their projects were targeted with malicious packages delivered through PyPI.

Threat researchers have come across two malicious Python packages offered as resources for integrating the Chinese AI model DeepSeek into software projects.

The malicious packages, named ‘deepseeek’ and ‘deepseekai’, were uploaded to the Python Package Index (PyPI) package repository by a user named ‘bvk’ on January 29. 

The fake DeepSeek packages were detected within minutes by cybersecurity firm Positive Technologies, and PyPI administrators removed them within an hour of publication.

However, they were still downloaded more than 200 times before they were removed, including over 100 times from the United States. 

An analysis showed that the fake DeepSeek packages hid malicious functions designed to collect user and system data, as well as environment variables.

“Environment variables often contain sensitive data required for applications to run, for example, API keys for the S3 storage service, database credentials, and permissions to access other infrastructure resources,” Positive Technologies noted.

The malware is designed to send the stolen data to a command and control server through the Pipedream integration platform. 

“It’s worth mentioning that the script was written with the help of an AI assistant, which is indicated by the characteristic comments explaining the lines of code,” the security firm said.

The attack was likely aimed at developers, ML engineers or AI enthusiasts, according to Positive Technologies. 

“Cybercriminals always monitor the current trends and will try to take advantage of them at the right moment. In this case, we analyzed a relatively harmless attack, although due to the hype around DeepSeek, there could be a lot more victims if the malicious package activity stayed hidden for longer,” the company said.

Security firm ESET has also seen scams and malware delivery leveraging DeepSeek’s newly gained notoriety. In one case, a fake DeepSeek website delivered digitally signed malware to users who clicked a ‘download now’ button.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
