Beware of Fake DeepSeek PyPI packages that Delivers Malware
gbhackersThe Positive Technologies Expert Security Center (PT ESC) recently uncovered a malicious campaign targeting the Python Package Index (PyPI) repository.
The campaign involved two packages, named deepseeek and deepseekai, designed to collect sensitive user data and environment variables.
These packages exploited the growing interest in AI and machine learning tools, particularly targeting developers and AI enthusiasts.
The attack, orchestrated by a user under the alias “bvk,” began on January 29, 2025.
The account had been dormant since its creation in June 2023, raising red flags about its origin.
The malicious payload embedded in the packages activates when users execute commands associated with the respective packages.

Once triggered, the payload collects sensitive data such as API keys, credentials, and access tokens stored in environment variables.
These variables play a critical role in enabling application functionalities and accessing infrastructure resources.
Both packages utilized Pipedream, a developer ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE