The rise of AI tools has opened new opportunities for developers but also new risks. Recently, security researchers uncovered malicious packages on PyPI impersonating DeepSeek AI tools, aiming to steal sensitive information from unsuspecting users.
According to Positive Technologies, two packages named “deepseeek” and “deepseekai” were uploaded to PyPI on January 29, 2025. These were disguised as Python clients for DeepSeek AI but contained infostealer malware. Once executed, they exfiltrated environment variables—including API keys, database credentials, and authentication tokens—to a command-and-control server via Pipedream, an automation platform.
The attack method was deceptive but effective. The threat actors used an “aged” PyPI account, created in June 2023, giving it a layer of credibility. Within a short time, 222 developers had downloaded these packages, with most victims located in the United States, China, and Russia. Fortunately, PyPI acted swiftly, blocking and deleting the malicious uploads. However, developers who installed them are advised to rotate their API keys, reset authentication credentials, and audit their cloud services for unauthorized access.
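To support the clean-up advice above, the following added example (not code from Positive Technologies or PyPI) checks a Python environment and a requirements file for the two reported package names and lists which environment variable names look like credentials to rotate. The `SECRET_HINTS` substrings and all function names are assumptions chosen for illustration; adjust the hints to your own naming conventions.

```python
"""Added example: triage for the two package names reported in this article."""
import os
import re
from importlib import metadata

REPORTED = {"deepseeek", "deepseekai"}  # names as given in the article
# Assumption: substrings that commonly mark secret-bearing variable names.
SECRET_HINTS = ("KEY", "TOKEN", "SECRET", "PASSWORD", "PASSWD", "CREDENTIAL")


def normalize(name):
    """PEP 503 normalization, so 'DeepSeeek' and 'deepseeek' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_reported(names, reported=REPORTED):
    """Return the given names whose normalized form is a reported package."""
    wanted = {normalize(n) for n in reported}
    return sorted(n for n in names if normalize(n) in wanted)


def installed_distributions():
    """Names of every distribution visible to the running interpreter."""
    names = ((d.metadata or {}).get("Name") for d in metadata.distributions())
    return [n for n in names if n]


def scan_requirements(text):
    """Reported names in requirements-style text, in order of appearance."""
    found = []
    for line in text.splitlines():
        # Drop comments; option lines such as '-r other.txt' do not match.
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line.split("#")[0])
        if m and find_reported([m.group(1)]):
            found.append(m.group(1))
    return found


def variables_to_rotate(environ):
    """Names (never values) of variables that look like credentials."""
    return sorted(k for k in environ if any(h in k.upper() for h in SECRET_HINTS))


if __name__ == "__main__":
    hits = find_reported(installed_distributions())
    print("Reported packages installed:", ", ".join(hits) or "none")
    if hits:  # everything visible to the process was exposed to the stealer
        for name in variables_to_rotate(os.environ):
            print("rotate:", name)
```

A clean result only covers the interpreter it ran under, so repeat the check in each virtual environment and run `scan_requirements` over lock and requirements files, since a package that was installed and later removed leaves no distribution metadata behind.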
This incident underscores the growing risks of supply chain attacks in the open-source ecosystem. Threat actors increasingly exploit developer trust in package repositories to distribute malware. Vigilance is key—always verify package authors, review code where possible, and rely on official sources for critical dependencies.