Should this not be surprising, DeepSeek now being abused

Malicious artificial intelligence

We can really try to blame those people looking for DeepSeek who want to use it in their projects if that is what they want to do, however, with as many people that downloaded the malicious programs before it was blocked and removed can’t be blamed directly.

While the number was small in this case with under 1,000 (number revealed later) its only a kick in the bucket.

Threat actors are taking advantage of the rise in popularity of the DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools for the AI platform.

Nothing new here, right? Pretty typical for those who want to take advantage, we’ve seen this with tons os stuff.

In the following paragraph, it might be best to use your access tech to spell these names, as we know its mispronouncing it, but it might help.

The packages were named “deepseeek” and “deepseekai” after the Chinese artificial intelligence startup, developer of the R1 large-language model that recently saw a meteoric surge in popularity.

For those who may not be able to tell the difference, DeepSeek has three E’s in the first, and in the second; it is spelled DeepSeek AI as one word. So, of course, if you are not familiar with the initial program which is DeepSeek (deep seek with the d and s capitalized) than you will be trapped in to believing this if another campaign comes out.

Interestingly, the packages were uploaded by an “aged” account created in June 2023 with no prior activity.

This is interesting to me. Why would you have an account somewhere that has shown its age and then fianlly post something? Probably to see if it can get past detections since its an account that has never posted anything before. It makes sense!

With no suprise

Once executed on the developer’s machine, the malicious payload stole user and system data as well as environment variables such as API keys, database credentials, and infrastructure access tokens.

Should we also be surprised that it was to be exfiltrated in the form of specific data if that is what the malware wanted to do?

Next, the stolen information was exfiltrated to a command and control (C2) server at eoyyiyqubj7mquj.m.pipedream[.]net using Pipedream, a legitimate automation platform.
Malicious payload

Malicious payload

The image shows a snippet of Python code. It imports the `requests`, `warnings`, and `os` modules. The code defines a `send_get_request` function that constructs a URL, extracts user and system information using OS commands, and sends a POST request with these details as a JSON payload. It uses `warnings.filterwarnings` to ignore warnings and handles potential exceptions by ignoring them. A `main` function is present to call `send_get_request`. The URL used is an example placeholder.
If a developer were to run this which some have, resources could be exfiltrated without their knowledge.

“The payload is executed when the user runs the commands deepseeek or deepseekai (depending on the package) in the command-line interface.”

“Environment variables often contain sensitive data required for applications to run, for example, API keys for the S3 storage service, database credentials, and permissions to access other infrastructure resources.”

deepseeek 0.0.8 PyPi listing

Positive Technologies quickly discovered and reported them to PyPI, which quarantined and blocked downloads of the packages, followed by their complete deletion from the platform.

Despite the quick detection and response, 222 developers downloaded the two packages, most from the United States (117), followed by China (36), Russia, Germany, Hong Kong, and Canada.

Those developers who utilized these packages should immediately rotate their API keys, authentication tokens, and passwords, as they may now be compromised.

Any cloud services whose credentials were stolen should also be checked to confirm they were not compromised as well.

To read the entire article, please read DeepSeek AI tools impersonated by infostealer malware on PyPI and if you’re here for the first time, please peruse the blog to see other articles where popularity can get people in to trouble.

Make it a great day!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.