The Supply Chain Security team at Positive Technologies’ Expert Security Center (PT ESC) discovered and neutralized a malicious campaign in the Python Package Index (PyPI) repository[1]. This attack was aimed at developers, ML engineers, and anyone seeking to integrate DeepSeek into their projects.
The attacker’s account, created in June 2023, remained dormant until January 29, when the malicious packages deepseeek and deepseekai were registered. Once installed, these packages would register console commands. When these commands were executed, the packages began stealing sensitive user data, including information about their computers, and environment variables often containing database credentials and access keys to various infrastructure resources. The attackers used Pipedream, a popular developer integration platform, as their command-and-control server to receive the stolen information.
Stanislav Rakovsky, Head of Supply Chain Security at PT ESC, explained:“Cybercriminals are always looking for the next big thing to exploit, and DeepSeek’s popularity made it a prime target. What’s particularly interesting is that the malicious code appears to have been generated with the help of an AI assistant, based on comments within the code itself. The malicious packages were uploaded to the popular repository on the evening of January 29. Thanks to the vigilance of PT PyAnalysis, Positive Technologies’ automated malicious package detection service, the threat was identified and neutralized within minutes. Despite the rapid response, the packages had been downloaded over 200 times.”
Given the heightened interest in DeepSeek, this attack could have resulted in numerous victims if the malicious activity had gone unnoticed for longer. Experts at Positive Technologies strongly recommend being more attentive to new and unknown packages and using PT PyAnalysis. PT PyAnalysis provides real-time monitoring of newly released packages published by PyPI users, offering an essential layer of defense against malicious actors.
