Two malicious packages leveraging the DeepSeek name have been discovered on the Python Package Index (PyPI) package repository, posing a potential threat to developers worldwide. The attack began on January 29, 2025, when an existing account uploaded two packages named “deepseeek” and “deepseekai”. While these packages claimed to be client libraries for accessing the DeepSeek AI API, they actually contained malicious functions designed to collect sensitive user and computer data, including environment variables that may contain valuable API keys and credentials.
According to researchers from Positive Technologies, the author of the malicious packages utilized Pipedream, an integration platform for developers, as the command-and-control server for receiving stolen data. Despite PyPI administrators quickly quarantining the packages within 30 minutes of their upload, the lure of integrating DeepSeek into their systems caused developers to download the malicious packages 36 times from various locations around the world.
Notably, the malicious script used in these packages was generated with the assistance of an AI tool, as indicated by distinct comments within the code. This incident highlights the growing trend of attackers leveraging AI technology to create and distribute malware, capitalizing on popular trends like the widespread interest in DeepSeek’s AI model.
For developers, this serves as a stark reminder to exercise caution when incorporating new packages into their projects, especially those claiming to be wrappers for well-known services. PyPI serves as a central hub for Python packages and is widely used by popular package managers, making it an ideal target for attackers looking to distribute malicious software. While the swift response from PyPI administrators minimized the impact of this particular attack, it underscores the need for developers to remain vigilant against similar threats in the future.
In an era where cyber threats are constantly evolving and becoming more sophisticated, staying informed and proactive is key to safeguarding sensitive information and infrastructure. As technology continues to advance, organizations and individuals must prioritize cybersecurity measures to mitigate risks and protect against malicious actors seeking to exploit vulnerabilities for their gain. By remaining alert and informed, developers can help ensure the integrity and security of their software projects in an increasingly digital landscape.