Malicious Packages Impersonating DeepSeek AI Found on PyPI
/ 1 min read
🕵️♀️💼 Malicious Infostealer Packages Disguised as DeepSeek AI Tools Found on PyPI. Threat actors have exploited the popularity of the DeepSeek AI platform by uploading two malicious infostealer packages, “deepseeek” and “deepseekai,” to the Python Package Index (PyPI). These packages, masquerading as developer tools, were linked to a recently popular Chinese AI startup and were uploaded by an inactive account. Researchers from Positive Technologies reported that the packages, once executed, stole sensitive data such as API keys and database credentials, exfiltrating it to a command and control server. Despite swift action from PyPI to remove the packages, 222 developers had already downloaded them, prompting warnings to rotate credentials and check for potential compromises in their cloud services.
