{"id":1774,"date":"2025-02-04T11:51:11","date_gmt":"2025-02-04T11:51:11","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1774"},"modified":"2025-02-04T11:51:11","modified_gmt":"2025-02-04T11:51:11","slug":"hackers-impersonate-deepseek-to-distribute-malware","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1774","title":{"rendered":"Hackers impersonate DeepSeek to distribute malware"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

To make things worse than they already are for DeepSeek, hackers are found flooding the Python Package Index (PyPI) repository with fake DeepSeek packages carrying malicious payloads.<\/p>\n

According to a discovery made by Positive Expert Security Center (PT ESC), a campaign was seen using this trick to dupe unsuspecting developers, ML engineers, and AI enthusiasts looking to integrate DeepSeek into their projects.<\/p>\n

[ Related: More DeepSeek news and analysis<\/a> ]<\/strong><\/h4>\n

\u201cOn January 29, 2025, a malicious user \u2018bvk\u2019 uploaded two packages: deepseeek and deepseekai,\u201d PT ESC researchers said in a blog post. \u201cFunctions used in these packages are designed to collect user and computer data and steal environment variables.\u201d<\/p>\n

PyPi<\/a> is the official repository for Python packages that the leading Python package managers like pip, piping, and poetry, use.<\/p>\n

<\/a>Hackers used AI assistant to script payload<\/h2>\n

Positive Technologies researchers observed the payloads \u2014 that these packages ran on execution \u2014 were info-stealing binaries, extracting environment\u00a0variables that include sensitive data like API keys for S3, database credentials, and infrastructure access permissions.<\/p>\n

According to the researchers, the authors of the packages used Pipedream, a cloud-based integration and automation platform for developers, as the C2 server to receive stolen data.<\/p>\n

There were indications of inexperience within the scripts used in the payload, including the use of an AI assistant for writing the malicious code which the researchers could tell from the characteristic comments explaining almost each line of code.<\/p>\n

Additionally, the account \u201cbvk\u201d used to upload these packages had been dormant since its creation in June 2023. This fact, itself, should have been a telling sign for developers, believes Mike McGuire, senior security solutions manager at Black Duck.<\/p>\n

In a comment to CSO, McGuire said, \u201cIn their eagerness to leverage DeepSeek in their tasks, many developers missed the \u201cred flag\u201d that they were downloading packages from an account with a limited, poor reputation, and had their environment variables and secrets compromised as a result.\u201d<\/p>\n

In addition to avoiding dependencies with security vulnerabilities, packages should also be checked for poor history, concerning changes from one version to the next, questionable owners, and poor community support, before inclusion, McGuire added.<\/p>\n

<\/a>Although not involved, DeepSeek could see impact<\/h2>\n

While the campaign was not directly linked to any DeepSeek operations or security vulnerabilities, it is quite clear that threat actors moved to use the hype around it.<\/p>\n

\u201cWhile this attack involved the name DeepSeek, it\u2019s important to note that this had nothing to do with the company, or with AI at all,\u201d McGuire noted. \u201cRather, it has everything to do with attackers seeing opportunity in the popularity of AI tools in the development community.\u201d<\/p>\n

The packages were \u201cpromptly\u201d reported to PyPI administrators, which have since been deleted. They were, however, already downloaded 36 times using pip and the bandersnatch mirroring tool, researchers said.<\/p>\n

Additionally, they picked up 186 downloads using the browser, the request library, and other tools. DeepSeek is sure to receive some brand pushback from this, in addition to all that has been going on with the popular Chinese LLM competitor in terms\u00a0of cyberattacks<\/a>, leaks<\/a>, and criticism<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

To make things worse than they already are for DeepSeek, hackers are found flooding the Python Package Index (PyPI) repository with fake DeepSeek packages carrying malicious payloads. According to a discovery made by Positive Expert Security Center (PT ESC), a campaign was seen using this trick to dupe unsuspecting developers, ML engineers, and AI enthusiasts […]<\/p>\n","protected":false},"author":0,"featured_media":1765,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1774","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1774"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1774"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1774\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1765"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}