https://www.kaspersky.com/blog/jarkastealer-in-pypi-packages/52640/

Cybercriminals are leveraging the growing interest in artificial intelligence (AI) to distribute malware. Two malicious Python packages, posing as legitimate tools for accessing OpenAI’s ChatGPT and Anthropic’s Claude, have been discovered.

These packages, once installed, secretly deploy a dangerous infostealer known as JarkaStealer. The malware is capable of stealing sensitive information such as passwords, cookies, and screenshots.

The deception highlights the risks associated with downloading and installing third-party software, especially from unofficial sources. Users are urged to exercise caution and verify the authenticity of packages before installation.

To protect themselves, users should:

  • Verify Package Sources: Only download software from trusted repositories and official websites.
  • Check for Reviews and Ratings: Look for reviews and ratings from other users to assess the legitimacy of a package.
  • Use Antivirus and Security Software: Keep your system protected with up-to-date antivirus and security software.
  • Be Wary of Free Offers: Be cautious of offers that seem too good to be true, especially when it comes to accessing premium AI services.

By following these guidelines, users can significantly reduce their risk of falling victim to such attacks.