icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Deepseek's Popularity Exploited to Push Malicious Packages via Pypi

Summary:
On January 29, 2025, two malicious Python packages, deepseeek and deepseekai, were uploaded to the PyPI repository, masquerading as legitimate client libraries for interacting with the DeepSeek AI API. In just 30 minutes before they were removed, these packages were downloaded 36 times by developers worldwide. While they appeared to provide API access, they were actually designed to harvest user data, system information, and environment variables, potentially exposing sensitive credentials such as API keys for cloud storage services, database credentials, and other authentication tokens.

According to researchers from Positive Technologies, the attacker leveraged Pipedream, an integration platform commonly used by developers, as the command-and-control (C2) server to collect and manage the stolen data. The malicious script embedded within the packages was found to be partially AI-generated, as indicated by auto-generated comments explaining the code, further demonstrating how threat actors are increasingly using AI tools to assist in creating sophisticated malware.

Security Officer Comments:
PyPI administrators responded swiftly to reports of the malicious packages, quarantining them within 30 minutes of their publication. This quick action prevented widespread distribution and minimized potential damage. However, the attack underscores the increasing exploitation of trusted repositories like PyPI, which serves as the default package source for many popular Python package managers.

Suggested Corrections:
Security researchers urge developers to exercise caution when installing newly released packages, particularly those claiming to provide integrations with trending AI services. Verifying the authenticity of package authors, scrutinizing code before execution, and relying on well-established repositories are essential practices to mitigate risks associated with software supply chain attacks.


Link(s):
https://www.helpnetsecurity.com/202...xploited-to-push-malicious-packages-via-pypi/
https://global.ptsecurity.com/analy...-deepseekai-published-in-python-package-index

Contact Us for Threat Assistance
Back to Current Threats