DeepSeek AI Tools Impersonated by Infostealer Malware on PyPI
DeepSeek AI tools were impersonated by infostealer malware on PyPI. Two malicious packages, “deepseeek” and “deepseekai,” were discovered, which stole sensitive data from developers who downloaded them. The malware, uploaded from an inactive account, exfiltrated user credentials to a command and control server. Despite being reported and taken down quickly, 222 developers downloaded the packages, mostly from the U.S. Affected users are urged to change their API keys and credentials to prevent further compromise.