Beware of Fake DeepSeek PyPI packages that Delivers Malware

The Positive Technologies Expert Security Center (PT ESC) recently uncovered a malicious campaign targeting the Python Package Index (PyPI) repository.

The campaign involved two packages, named deepseeek and deepseekai, designed to collect sensitive user data and environment variables.

These packages exploited the growing interest in AI and machine learning tools, particularly targeting developers and AI enthusiasts.

The attack, orchestrated by a user under the alias “bvk,” began on January 29, 2025.

The account had been dormant since its creation in June 2023, raising red flags about its origin.

The malicious payload embedded in the packages activates when users execute commands associated with the respective packages.

Once triggered, the payload collects sensitive data such as API keys, credentials, and access tokens stored in environment variables.

These variables play a critical role in enabling application functionalities and accessing infrastructure resources.

Both packages utilized Pipedream, a developer integration platform, as their command-and-control (C2) server to transmit stolen data.

Analyzing the script revealed it was partially generated with the assistance of AI, evident from characteristic in-code comments.

The Attack Chain

The deepseek package was first uploaded at 15:52 UTC on January 29, followed shortly by deepseek ai at 16:13 UTC.

Within 30 minutes, PT ESC researchers flagged the packages as malicious and informed PyPI administrators, who swiftly quarantined them.

By 16:41 UTC, the deepseeek package was removed, followed by the deletion of deepseekai shortly after.

Despite the prompt response, the packages were downloaded multiple times before removal.

PyPI’s logs reveal 222 downloads across various countries, including the U.S., China, Russia, and Germany.

The downloads occurred via various methods, including pip, bandersnatch, and manual browser access.

The United States accounted for the majority of downloads, followed by China and Russia.

While the campaign was not particularly sophisticated, it serves as a cautionary tale about how cybercriminals exploit trending technologies to deceive unsuspecting users.

As AI tools like DeepSeek gain popularity, attackers will continue leveraging such opportunities.

Fortunately, PT ESC’s PT PyAnalysis tool, designed to monitor PyPI for suspicious activity in real time, played a pivotal role in uncovering these packages before significant harm could occur.

Developers and security teams are advised to exercise heightened caution when integrating newly released PyPI packages into their workflows.

Verify the credibility of package maintainers and utilize automated tools to flag suspicious activity.

As the cybersecurity landscape continues to evolve, vigilance remains the best defense against supply chain threats.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free