Cybersecurity researchers discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that mimicked popular artificial intelligence (AI) models such as OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.
Packages, no gptplus and claudeai-engwere uploaded by a user named “Xeraline” in November 2023, attracting 1748 and 1826 downloads respectively. Both libraries are no longer available for download from PyPI.
“The malicious packages were uploaded to the repository by the same author and essentially differed from each other only in name and description,” – Kaspersky said in the post.
The packages were supposed to offer a way to access the GPT-4 Turbo API and the Claude AI API, but contained malicious code that initiated the deployment of the malware after installation.
Specifically, the “__init__.py” file in these packages contained Base64-encoded data containing code to download a Java archive file (“JavaUpdater.jar”) from a GitHub repository (“github(.)com/imystorage/storage”) . It also downloads the Java Runtime Environment (JRE) from the Dropbox URL, if Java is not already installed on the host, before running the JAR file.
The JAR file is a Java-based information stealing program called JarkaStealer that can steal a wide range of sensitive information, including web browser data, system data, screenshots, and session tokens from various applications such as Telegram, Discord, and Steam.
In the final step, the collected information is archived, transmitted to the attacker’s server, and then deleted from the victim’s machine. JarkaStealer was found to be offered as part of a malware-as-a-service (MaaS) model via Telegram channel somewhere between $20 and $50, although its source code was leaked on GitHub.
Statistics from ClickPy show that the packages were mostly downloaded by users from the US, China, India, France, Germany and Russia as part of a year-long supply chain attack campaign.
“This discovery highlights the persistent risks of attacks on software supply chains and underscores the critical need for vigilance when integrating open source components into development processes,” Kaspersky researcher Leonid Byazvarshenko said.
