Cybersecurity researchers from the Positive Technologies Expert Security Center (PTESC) have uncovered a malware campaign targeting the Python Package Index (PyPI), a popular online repository for Python software. The attack focused on developers, machine learning engineers, and AI enthusiasts who might integrate DeepSeek AI into their projects.

It began on January 29, 2025, when a suspicious user named “BVK”, whose account had been inactive since its creation in June 2023, uploaded two malicious packages: deepseeek and deepseekai. These packages were designed to imitate a legitimate DeepSeek integration, but they contained malicious code intended to steal sensitive information from the user's system.

Image: Malicious DeepSeek packages on PyPI (via PTESC)

Once installed, the malicious packages ran commands that collected system information and stole environment variables. These variables often hold important data, such as access details for cloud storage, databases, or other infrastructure resources. The stolen information was then sent to a command-and-control (C2) server hosted on Pipedream, an integration platform for developers.

Interestingly, according to the PTESC blog post shared with Hackread.com, the attacker appeared to have used an AI-powered assistant to write the malicious script, as evidenced by code comments that explain its functionality. AI-generated content and code have become a significant cybersecurity threat, and experts have warned that the risk is only increasing.

Immediate action

After discovering the malicious packages, Positive Technologies immediately alerted the PyPI administrators, who quarantined and deleted the packages within an hour. However, during this short window, the packages had already been downloaded 222 times, using different tools and methods, in the following countries:

  • Other countries, including Germany, Canada, and Hong Kong, also reported downloads.

Exploiting the popularity of DeepSeek

Although the attack was stopped before it caused widespread damage, it raises important questions about the security of open-source repositories. Cybercriminals often monitor emerging trends and exploit them to deceive users. In this instance, the popularity of DeepSeek possibly attracted malicious actors looking to exploit its growing user base.

In a comment to Hackread.com, Jason Soroko, Senior Fellow at Sectigo, emphasized the impact of the incident, stating, “This report indicates how the attackers trust the designated conventions and the authentic package within the open source environmental system. Although the risk is rapidly neutralized, it works as a reminder of the growing threats to the supply chain.”

Protecting yourself from similar threats

This incident is a good reminder to be careful when downloading and installing software, especially from public repositories such as PyPI. Here are some quick tips to help you stay safe:

  • Use security tools: Use services such as PyAnalysis from Positive Technologies, which monitors PyPI for malicious activity in real time.
  • Verify the package source: Only download well-established packages with a strong reputation. Be careful with newly uploaded tools, especially those whose names resemble popular projects.
  • Scan dependencies: Use tools to analyze a package's code before installing it.
  • Monitor environment variables: Keep an eye on sensitive data stored on your system and limit its exposure wherever possible.
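
The advice above about names that resemble popular projects can be automated before anything is installed. The following is an added example, not code from PTESC or PyPI: it checks requirement names against a team allowlist and generalizes beyond the two packages in this report to any near-miss or suffixed name. The allowlist, the sample input and all function names are assumptions made for illustration.

```python
import re

# Constructed allowlist of names a team has already vetted (an assumption for
# this example, not a statement about which PyPI projects are official).
APPROVED = {"deepseek", "requests", "numpy"}
SAMPLE = "requests>=2.31\ndeepseeek\ndeepseekai\nflask\n"  # constructed input

def normalize(name):
    """PEP 503 normalization: lowercase, collapse runs of '-', '_' and '.'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name, approved=APPROVED, max_dist=2):
    """Return the approved name that `name` resembles, or None."""
    n = normalize(name)
    approved_norm = {normalize(a) for a in approved}
    if n in approved_norm:
        return None
    squashed = n.replace("-", "")
    for legit in sorted(approved_norm):
        core = legit.replace("-", "")
        if len(core) < 5:
            continue  # very short names match too much by accident
        # Near-miss spelling, or an approved name with characters attached.
        if edit_distance(squashed, core) <= max_dist or core in squashed:
            return legit
    return None

def audit(requirements):
    """Map each suspicious requirement name to the approved name it resembles."""
    findings = {}
    for line in requirements.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # skip blanks, comments and pip options such as -r/-e
        name = re.split(r"[\s<>=!~;\[@]", line, maxsplit=1)[0]
        hit = lookalike_of(name)
        if hit:
            findings[name] = hit
    return findings
```

A finding means the name needs a manual check before installation, not that the package is malicious; unrelated names such as flask pass through unflagged.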


