Deceptive ChatGPT and Claude API Packages Distribute JarkaStealer

Two Python packages recently discovered on the Python Package Index (PyPI) have been found to contain an infostealer that could potentially affect thousands of victims. These packages were designed to integrate with popular chatbots, promising API access to advanced artificial intelligence capabilities, but instead delivered malware known as “JarkaStealer.”

The malicious packages, named “gptplus” and “claudeai-eng,” were created by a user with the username “Xeroline” on PyPI. Despite claiming to provide access to OpenAI’s GPT-4 Turbo large language model and to Claude, a competitor to OpenAI’s ChatGPT, these packages only offered limited functionality to interact with the demo versions of the chatbots. This deceptive tactic was employed to make the packages appear legitimate to unsuspecting users.

Underneath the surface, the packages contained a JAR file that housed the JarkaStealer malware. JarkaStealer is an infostealer that is available for purchase on the Dark Web for as little as $20, with additional customization options available for a small fee. This malware is designed to steal data, capture screenshots, and extract session tokens from various popular applications like Telegram, Discord, and Steam.
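A downloaded wheel or sdist can be checked for a JAR shipped inside the archive before it is installed. The following is an added example, not code from the article or from the researchers it cites; the function names, `demo_pkg` and the sample wheel are constructed for illustration, and it flags a member as a JAR by extension or by content.

```python
import io
import tarfile
import zipfile

def looks_like_jar(data: bytes) -> bool:
    """True if data is a ZIP archive carrying a JAR manifest or .class files."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names)

def iter_members(archive: bytes):
    """Yield (name, bytes) for each regular file in a wheel (zip) or sdist (tar)."""
    buf = io.BytesIO(archive)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield info.filename, zf.read(info)
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            for member in tf:
                if member.isfile():
                    yield member.name, tf.extractfile(member).read()

def find_embedded_jars(archive: bytes) -> list[str]:
    """Names of members that are JARs by extension or by content (renamed files)."""
    return sorted(name for name, data in iter_members(archive)
                  if name.lower().endswith(".jar") or looks_like_jar(data))

def build_sample_wheel() -> bytes:
    """Constructed sample: a wheel hiding a JAR under a neutral file name."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    whl = io.BytesIO()
    with zipfile.ZipFile(whl, "w") as zf:
        zf.writestr("demo_pkg/__init__.py", "VERSION = '0.1'\n")
        zf.writestr("demo_pkg/assets/data.bin", jar.getvalue())
    return whl.getvalue()

if __name__ == "__main__":
    print(find_embedded_jars(build_sample_wheel()))
```

A hit is a reason to inspect the package by hand, since a pure-Python API client has little reason to bundle Java archives.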

Despite the malicious nature of these packages, they were able to remain on PyPI for over a year before being identified by researchers from Kaspersky. During that time, the packages were downloaded over 1,700 times across Windows and Linux systems in more than 30 countries, with the United States being the most heavily impacted.

However, an analysis of download statistics revealed that the popularity of these packages may have been artificially inflated. Downloads dropped significantly after an initial surge, suggesting that the user behind the packages may have boosted the numbers. Attackers commonly use this tactic to make malicious software appear trustworthy.

George Apostopoulos, a founding engineer at Endor Labs, commented on the incident, noting that while security professionals recommend verifying the popularity of a package before downloading it, most users may not take this precaution. As a result, many unsuspecting individuals could have unknowingly installed the infected packages.

In conclusion, the discovery of these malicious Python packages underscores the importance of vigilance when downloading software from third-party repositories. By remaining cautious and staying informed about potential risks, users can better protect themselves from falling victim to malware hidden within seemingly harmless applications.
