Malicious packages targeting AI enthusiasts found in PyPI

The Supply Chain Security team at Positive Technologies’ Expert Security Center (PT ESC) discovered and neutralized a malicious campaign in the Python Package Index (PyPI) repository[1]. This attack was aimed at developers, ML engineers, and anyone seeking to integrate DeepSeek into their projects.

The attacker’s account, created in June 2023, remained dormant until January 29, when the malicious packages deepseeek and deepseekai were registered. Once installed, these packages would register console commands. When these commands were executed, the packages began stealing sensitive user data, including information about their computers, and environment variables often containing database credentials and access keys to various infrastructure resources. The attackers used Pipedream, a popular developer integration platform, as their command-and-control server to receive the stolen information.