The rise of DeepSeek has triggered malicious activities, including the injection of information-stealing malware into the Python Package Index (PyPI). Researchers from Positive Technologies discovered two such packages disguising themselves as legitimate developer tools. These packages are designed to capture sensitive information from developers, such as database credentials and API keys. Security experts emphasize the need for rigorous package verification practices, given that attackers exploit the open-source ecosystem's trust in legitimate sources, highlighting the growing risks associated with software supply chains.
The rise of DeepSeek has led malicious actors to exploit its popularity, utilizing information-stealing packages on PyPI disguised as developer tools.
Collection
[
|
...
]