Cybercriminals are taking the popularity of AI models to the next level by exploiting trust in open-source platforms like the Python Package Index (PyPI). Researchers recently discovered two malicious Python libraries, gptplus and claudeai-eng, which impersonated OpenAI’s ChatGPT and Anthropic’s Claude to deliver a stealthy information stealer named JarkaStealer.
These libraries were downloaded over 3,500 times, demonstrating the risks of supply chain attacks and the importance of vigilance when integrating third-party libraries into development workflows.
How JarkaStealer Works
The attack begins when unsuspecting developers install the fake PyPI libraries, believing they provide access to the GPT-4 Turbo or Claude AI APIs. Instead, the libraries contained malicious Base64-encoded code in their __init__.py file, which:
Downloads a Java archive file (JavaUpdater.jar) from GitHub.
Installs the Java Runtime Environment (JRE) if it’s not already present.
Executes JarkaStealer, which starts stealing sensitive information.
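As an added example (not code from the researchers or from the page), a small static check for the pattern just described: it parses a package's __init__.py with Python's ast module and flags long Base64 literals, exec()/eval() fed by a Base64 decoder, and download or process-launch calls. The heuristic names, thresholds and the sample __init__.py contents are constructed for this example.

```python
import ast
import base64
import binascii
import re
from typing import List

# Heuristics (hypothetical, chosen for this example): a long Base64 literal,
# exec()/eval() fed by a Base64 decoder, and download/process-launch calls are
# all out of place in a library's __init__.py.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{80,}={0,2}$")
DECODERS = {"b64decode", "standard_b64decode", "urlsafe_b64decode"}
EXECUTORS = {"exec", "eval"}
NETWORK_OR_PROCESS = {"urlopen", "urlretrieve", "Popen", "call", "run", "system"}


def _func_name(call: ast.Call) -> str:
    """Name of the called function, e.g. 'b64decode' for base64.b64decode()."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return func.attr
    if isinstance(func, ast.Name):
        return func.id
    return ""


def scan_source(src: str) -> List[str]:
    """Return findings for one Python file; an empty list means nothing flagged."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if B64_RE.match(node.value):
                try:
                    decoded = base64.b64decode(node.value, validate=True)
                    findings.append(f"base64 literal ({len(decoded)} bytes decoded)")
                except (binascii.Error, ValueError):
                    pass  # long, but not valid Base64: ignore
        elif isinstance(node, ast.Call):
            name = _func_name(node)
            # exec()/eval() whose argument tree contains a Base64 decoder call
            if name in EXECUTORS and any(
                isinstance(n, ast.Call) and _func_name(n) in DECODERS
                for n in ast.walk(node)
            ):
                findings.append(f"{name}() fed by a Base64 decoder")
            elif name in NETWORK_OR_PROCESS:
                findings.append(f"download/process call: {name}()")
    return findings


# Constructed sample mimicking the reported pattern; the payload is harmless.
_PAYLOAD = base64.b64encode(
    b"print('constructed stand-in for the JavaUpdater.jar download-and-run stage')"
).decode()
SUSPICIOUS_INIT = f'import base64\nexec(base64.b64decode("{_PAYLOAD}"))\n'
CLEAN_INIT = 'from .client import Client\n__all__ = ["Client"]\n'
```

Run scan_source() over every .py file of a freshly downloaded package before installing it; a non-empty result for an __init__.py is a reason to inspect the package by hand.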
What Does JarkaStealer Steal?
JarkaStealer is a Java-based malware with extensive capabilities:
Browser Data: Saved passwords, cookies, and autofill details.
System Information: Detailed specs of the infected system.
Session Tokens: Stolen from applications like Telegram, Discord, and Steam.
Screenshots: Captures visual data from the user’s system.
The stolen information is compressed, sent to the attacker's server, and then deleted from the victim's machine to cover its tracks.
The Malware-as-a-Service (MaaS) Angle
JarkaStealer isn’t just a one-off threat. It’s being distributed as part of a Malware-as-a-Service (MaaS) model via a Telegram channel. The service sells access to the malware for as little as $20 to $50, making it accessible to a broad audience of cybercriminals. Additionally, the source code has been leaked on GitHub, increasing the likelihood of future attacks.
A Global Impact
Statistics from ClickPy reveal the geographical reach of these malicious libraries, with downloads from users in:
The U.S., China, India, France, Germany, and Russia.
The widespread nature of the attack highlights the vulnerabilities in the software supply chain and the global consequences of unvetted code.
Defensive Measures: How to Protect Yourself
To defend against supply chain attacks like this, developers and organizations should take these steps:
Vet Third-Party Libraries: Only use packages from trusted and verified sources.
Monitor Dependencies: Continuously track your software dependencies for changes or new vulnerabilities.
Implement Scanning Tools: Use tools that detect malicious code in packages before integrating them.
Educate Teams: Train developers to identify phishing attempts and suspicious libraries.
Apply Least Privilege Principles: Limit permissions for libraries to reduce potential damage.