MOSCOW, January 31. /TASS/. Hackers are using malicious data packages disguised as the Chinese chatbot DeepSeek for attacks on web developers and tech enthusiasts, the information security company Positive Technologies told TASS.
The packages, named deepseek and deepseekai, were uploaded to the Python Package Index (PyPI) data repository. PyPI is a popular repository used by Python developers. It is publicly available and contains thousands of files.
Once installed, the fake packages steal the user's personal information, device data, and so-called environment variables, which may contain confidential data. The files have been downloaded more than 200 times.
"Due to the increased interest in the DeepSeek service, this attack could have resulted in a large number of victims if the malicious activity of the package had remained undetected for longer," Positive Technologies said. The security firm has recently prevented one of these attacks.
The malicious code itself was also created with the help of an AI assistant, said Stanislav Rakovsky, head of the Supply Chain Security group of the Threat Intelligence department of the Positive Technologies security expert center. The packages were uploaded on January 29, but they were quickly detected and subsequently deleted by administrators.
On January 20, China’s DeepSeek released a new version of the R1 chatbot, which is supposed to be an improvement over OpenAI’s flagship ChatGPT. The developers of the Chinese chatbot, however, spent far less to create their product than OpenAI, experts said.