Python packages posing as DeepSeek contain nasty surprise


Malicious packages are infecting Python repositories and target developers and engineers looking to integrate DeepSeek into their work.

DeepSeek has recently upended the artificial intelligence (AI) community, leading tech giants scrambling to advance their AI models and users desperate to try out the latest tech.

Amidst the hype, bad actors are looking to exploit those who want to integrate DeepSeek into their operations.

ADVERTISEMENT

Researchers at Positive Technologies have discovered and prevented a malicious campaign affecting the Python Package Index (PyPI) package repository.

The attack targeted developers, machine learning engineers, and AI enthusiasts intending to use DeepSeek’s AI technology to streamline projects.

The researchers identified the user who crafted the attack as “bvk,” an account created in June 2023. One warning sign was that bvk hadn’t previously uploaded or contributed anything to the PyPI package repository.

But, this changed in January 2025, as the user uploaded two packages called “deepseeek” and “deepseekai.”

The ‘Deepseekai’ project was advertised as a “Python client for DeepSeek AI API – access large language models and AI services,” which would allow developers’ code to interact with DeepSeek’s services.

The ‘Deepseeek’ project was supposedly a ‘DeepSeek API client,’ which would allow developers to use and employ DeepSeek’s services in their Python projects.

Researchers identified these packages as illegitimate and found that they were designed to steal user and computer data, as well as environment variables.

Environment variables often contain sensitive information that is integral for running apps (e.g., API keys for security, database connection details, and system paths).

ADVERTISEMENT

Unsuspecting users who run the commands ‘deepseeek’ or ‘deepseekai’ in the command line may not realize that they’ve downloaded malicious code that is running in the background.

This payload would secretly execute harmful code that, in this context, would steal data from unsuspecting devs.

One notable aspect of the malicious code that researchers identified is that the author used AI to help write the script.

Researchers notified administrators and the packages were promptly deleted. Despite this, the packages were downloaded more than 220 times.

Niamh Ancell BW Ernestas Naprys justinasv jurgita
Get our latest stories today on Google News

Bad actors poisoning repositories

The number of malicious packages found in open-source repositories like JavaScript (npm) and Python (PyPI) has surged recently.

After analyzing over seven million open-source projects, researchers found malware in seven percent of the packages.

“Over 512,847 malicious packages have been logged just in the past year, a 156% increase year-over-year, highlighting a critical need for organizations to adapt their consumption practices,” Sonatype warns.

Up to 90% of modern software now relies on open-source components. This year alone, such packages were downloaded more than 6.6 trillion times. Yet, out of over seven million available packages, only 10.5% of open code is actively used in development.

ADVERTISEMENT