Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » ChatGPT, Claude Impersonators deliver JarkaStealer via Python libraries
Global Security

ChatGPT, Claude Impersonators deliver JarkaStealer via Python libraries

AdminBy AdminNovember 22, 2024No Comments2 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


November 22, 2024Ravi LakshmananArtificial Intelligence / Malware

Cybersecurity researchers discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that mimicked popular artificial intelligence (AI) models such as OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.

Packages, no gptplus and claudeai-engwere uploaded by a user named “Xeraline” in November 2023, attracting 1748 and 1826 downloads respectively. Both libraries are no longer available for download from PyPI.

“The malicious packages were uploaded to the repository by the same author and essentially differed from each other only in name and description,” – Kaspersky said in the post.

The packages were supposed to offer a way to access the GPT-4 Turbo API and the Claude AI API, but contained malicious code that initiated the deployment of the malware after installation.

Specifically, the “__init__.py” file in these packages contained Base64-encoded data containing code to download a Java archive file (“JavaUpdater.jar”) from a GitHub repository (“github(.)com/imystorage/storage”) . It also downloads the Java Runtime Environment (JRE) from the Dropbox URL, if Java is not already installed on the host, before running the JAR file.

Cyber ​​security

The JAR file is a Java-based information stealing program called JarkaStealer that can steal a wide range of sensitive information, including web browser data, system data, screenshots, and session tokens from various applications such as Telegram, Discord, and Steam.

In the final step, the collected information is archived, transmitted to the attacker’s server, and then deleted from the victim’s machine. JarkaStealer was found to be offered as part of a malware-as-a-service (MaaS) model via Telegram channel somewhere between $20 and $50, although its source code was leaked on GitHub.

Statistics from ClickPy show that the packages were mostly downloaded by users from the US, China, India, France, Germany and Russia as part of a year-long supply chain attack campaign.

“This discovery highlights the persistent risks of attacks on software supply chains and underscores the critical need for vigilance when integrating open source components into development processes,” Kaspersky researcher Leonid Byazvarshenko said.

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025

CISCO’s critical vulnerability in uniform grants on root access to static credentials

July 3, 2025

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025

CISCO’s critical vulnerability in uniform grants on root access to static credentials

July 3, 2025

North Korean Hackers Target Web3 with malicious NIM software and use Clickfix in Babyshark

July 2, 2025

Hackers using PDFs to get yourself for Microsoft, Docusign and more in phishing campaigns return call

July 2, 2025

This network traffic looks legal but it can hide a serious threat

July 2, 2025

US Sanctions of Russia

July 2, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Massive Android fraud operations are detected: iconade, kaleidoscope, malicious SMS software, NFC scams

July 3, 2025

Chinese hackers operate Ivanti CSA Zero-Days in attacks on the French government, telecommunications

July 3, 2025

More than 40 malicious Firefox extensions target cryptocurrency wallets, steel assets

July 3, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.