A sneaky malware campaign targeting the Python Package Index ( PyPI), a well-known online repository for Python software, has been discovered by cybersecurity researchers at the Positive Technologies Expert Security Center ( PT ESC )  . The attack focused on developers, machine learning engineers, and AI enthusiasts who may combine DeepSeek AI into their projects.
It all began on January 29, 2025, when a suspicious user named “bvk,” whose account had been inactive since its creation in June 2023, uploaded two malicious packages: deepseeek or deepseekai. These packages were designed to mimic legitimate integrations with DeepSeek but contained malicious code aimed at stealing sensitive information from users’ systems.
When installed, the dangerous plans ran commands that gathered program data and snared environment variables. These factors usually contain vital data, such as credentials for cloud storage, database access, or other network resources. The stolen information was then sent to a command-and-control ( C2 ) server hosted on Pipedream, a developer integration platform.
Ironically, according to PT ESC’s shared with Hackread.com, the attackers appeared to use an AI-powered assistant to create their destructive script, as evidenced by the game’s comments explaining its features. Experts warn that the risk is only getting worse because of AI-generated glad and codes, which have become a major cybersecurity threat.
Easy Action
Good Technologies immediately alerted PyPI officials after discovering the malignant packages, who quarantined and removed them in less than an hour. However, during that brief windows, the plans had already been installed 222 times across several tools and methods in the following countries:
- US: 117 downloads
- China: 36 downloads
- Russia: 12 downloads
- Other countries, including Germany, Canada, and Hong Kong, also reported downloads.
Exploiting DeepSeek’s Popularity
Although the attack was contained before causing large-scale harm, it presents important questions about the security of open-source repositories. Cryptocriminals frequently use emerging trends to deceive unaware users. In this instance, malicious actors were likely to take advantage of DeepSeek’s growing user base because of its popularity.
In a comment to Hackread.com, , Senior Fellow at Sectigo, emphasized the impact of this incident stating,” This report underscores how attackers exploit trusted naming conventions and the reliance on authentic package sources within the open-source ecosystem. Although the threat was quickly removed, it serves as a reminder of the growing dangers associated with software supply chains.
Defending Yourself from Similar Threats
This incident is a good illustration of caution when downloading and installing software, particularly from publicly accessible repositories like PyPI. A few quick safety advices are provided below:
- Security Tools: Use services like Positive Technologies ‘ PyAnalysis, which monitors PyPI for malicious activity in real-time.
- Verify Package Sources: Only download well-established packages with a strong reputation. Be wary of newly uploaded tools, especially those that have names that resemble those used in well-known projects.
- Scan Dependencies: Use tools to analyze the code of packages before installing them.
- Monitor Environment Variables: Monitor sensitive information stored in your system and try to limit its exposure where possible.