Saturday, December 7, 2024
HomeChatGPTTwo PyPi Malicious Package Mimic ChatGPT & Claude Steals Developers Data

Two PyPi Malicious Package Mimic ChatGPT & Claude Steals Developers Data

Published on

SIEM as a Service

Two malicious Python packages masquerading as tools for interacting with popular AI models ChatGPT and Claude were recently discovered on the Python Package Index (PyPI), the official repository for Python libraries.

These packages reportedly remained undetected for over a year, silently compromising developer environments and exfiltrating sensitive data.

As reported by a cybersecurity researcher, Leonid via X, the malicious packages were designed to exploit the growing popularity and adoption of AI tools in development workflows.

- Advertisement - SIEM as a Service

PyPi Malicious Package

Developers, eager to integrate ChatGPT and Claude into their projects, were unknowingly installing these malicious packages, believing them to be legitimate resources for engaging with OpenAI and Anthropic’s language models.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

The packages, whose names have not yet been disclosed, operated by mimicking legitimate libraries, providing seemingly functional capabilities while embedding hidden malicious scripts.

These scripts exfiltrated sensitive information, including API keys, credentials, and possibly proprietary code, directly from developers’ systems to external servers controlled by the attackers.

The researcher emphasized that these packages managed to evade detection for over a year, highlighting significant challenges in securing open-source ecosystems.

The PyPI repository, a cornerstone for Python development, has faced increasing scrutiny in recent years due to the rise of malicious actors exploiting its openness.

This breach has sent shockwaves through the development community, as it underscores the potential risks of relying on unverified third-party libraries.

Developers are urged to immediately audit their dependencies and review any recent installations of AI-related packages.

PyPI maintainers are reportedly working to remove malicious packages and strengthen security protocols to prevent similar incidents in the future.

Experts recommend that developers adopt best practices, including verifying package authenticity, using virtual environments, and employing automated dependency scanners to detect vulnerabilities.

Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory

Security researchers have identified a significant vulnerability dubbed "DaMAgeCard Attack" in the new SD...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...