Researchers at the Positive Technologies Expert Security Center ( PT ESC ) have discovered a shady malware campaign that targets the Python Package Index ( PyPI), a well-known online repository for Python software. The attack focused on developers, machine learning engineers, and AI enthusiasts who may combine DeepSeek AI into their projects.
It all began on January 29, 2025, when a suspicious user named “bvk,” whose account had been inactive since its creation in June 2023, uploaded two malicious packages: deepseeek
or deepseekai
. These packages were designed to mimic legitimate integrations with DeepSeek but contained malicious code aimed at stealing sensitive information from users’ systems.
Once installed, the dangerous plans ran commands that gathered program data and snared environment variables. These factors usually contain vital data, such as credentials for cloud storage, database access, or other network resources. The stolen information was then sent to a command-and-control ( C2 ) server hosted on Pipedream, a developer integration platform.
Incidentally, according to PT ESC’s shared with Hackread.com, the attackers appeared to use an AI-powered assistant to create their destructive script, as evidenced by the game’s comments explaining its features. Experts warn that the risk is only growing as AI-generated information and rules have become a major cybersecurity threat.
Short Action
Good Technologies immediately alerted PyPI officials after discovering the malignant packages, who quarantined and removed them in less than an hour. However, during that brief window, the packages had already been installed 222 occasions across different tools and methods in the subsequent countries:
- US: 117 downloading
- China: 36 files
- Russia: 12 files
- Other countries, including Germany, Canada, and Hong Kong, also reported downloading.
Exploiting DeepSeek’s Acceptance
Although the strike was contained before causing large-scale hurt, it presents significant concerns about the safety of open-source libraries. Cryptocriminals usually use emerging trends to deceive unaware users. In this instance, malicious actors were likely to take advantage of DeepSeek’s growing customer base by exploiting its popularity.
In a post to Hackread.com, , Senior Fellow at Sectigo, emphasized the effect of this event stating,” This report underscores how attackers exploit trusted naming conventions and the reliance on traditional deal sources within the open-source ecosystem. Although the threat was quickly removed, it serves as a reminder of the growing dangers associated with software supply chains.
Defending Yourself from Similar Threats
This incident is a good example of caution when downloading and installing software, particularly from publicly accessible repositories like PyPI. A few quick safety advices are provided below:
- Security Tools: Use services like Positive Technologies ‘ PyAnalysis, which monitors PyPI for malicious activity in real-time.
- Verify Package Sources: Only download well-established packages with a strong reputation. Be wary of newly uploaded tools, especially those that have names that resemble those used in well-known projects.
- Scan Dependencies: Use tools to analyze the code of packages before installing them.
- Monitor Environment Variables: Monitor sensitive information stored in your system and try to limit its exposure where possible.