Summary: Threat actors exploited the popularity of DeepSeek to upload two malicious infostealer packages, “deepseeek” and “deepseekai”, to the Python Package Index (PyPI). Masquerading as developer tools, the packages stole sensitive information from developers’ machines, including API keys and database credentials, and exfiltrated it to a command and control server. Although PyPI quickly quarantined the packages, around 222 developers had already downloaded them, prompting a warning about potential security breaches.
Affected: Python Package Index (PyPI)
Keypoints:
- Malicious packages impersonated developer tools for the AI platform DeepSeek.
- Exfiltrated data included sensitive user and system information, API keys, and credentials.
- 222 developers downloaded the packages before they were detected and removed.
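
A check for the two package names given in the summary, added here as an example and not taken from the original report. It flags them in a requirements file and in the installed environment after PEP 503 name normalization; the function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

# The two package names reported in the summary above.
MALICIOUS = {"deepseeek", "deepseekai"}

# Leading project name of a requirement line (stops at ==, >=, [, ;, space).
_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503: lowercase, and runs of '-', '_', '.' collapse to one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def flag_requirements(text):
    """Return (line_number, name) for each line that names a flagged package."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]          # drop trailing comments
        m = _REQ_NAME.match(line)             # skips options such as '-r file'
        if m and normalize(m.group(1)) in MALICIOUS:
            hits.append((lineno, m.group(1)))
    return hits


def flag_installed(names=None):
    """Return flagged distribution names (default: the current environment)."""
    if names is None:
        names = [d.metadata["Name"] for d in metadata.distributions()]
    return sorted(n for n in names if n and normalize(n) in MALICIOUS)


# Constructed sample input; the version pins are placeholders.
SAMPLE_REQUIREMENTS = """\
requests==0.0.0
-r base.txt
DeepSeeek==0.0.0
deepseekai>=0.0.0  # pulled in by a copied tutorial
"""

if __name__ == "__main__":
    print("requirements hits:", flag_requirements(SAMPLE_REQUIREMENTS))
    print("installed hits:", flag_installed())
```

A hit in the installed environment means the secrets reachable from that machine (API keys, database credentials) should be treated as exposed and rotated, since the summary states they were exfiltrated.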