DeepSeek AI tools impersonated by infostealer malware on PyPI www.bleepingcomputer.com/news/secu…
Threat actors are taking advantage of the rise in popularity of DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools for the AI platform.
The packages were named “deepseeek” and “deepseekai” after the Chinese artificial intelligence startup, developer of the R1 large-language model that recently saw a meteoric surge in popularity. Interestingly, the packages were uploaded by an “aged” account created in June 2023 with no prior activity.
According to Positive Technologies researchers who discovered the campaign and reported it to PyPI, the packages posing as Python clients for DeepSeek AI were infostealers that stole data from developers who utilized them. Once executed on the developer’s machine, the malicious payload stole user and system data as well as environment variables such as API keys, database credentials, and infrastructure access tokens.