PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries
Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.
The packages, named gptplus and claudeai-eng, were uploaded by a user named "Xeroline" in November 2023, attracting 1,748 and 1,826 downloads, respectively. Both libraries are no longer available for download from PyPI.
"The malicious packages were uploaded to the repository by one author and, in fact, differed from each other only in name and description," Kaspersky said in a post.
The packages purported to offer a way to access GPT-4 Turbo API and Claude AI API, but harbored malicious code that initiated the deployment of the malware upon installation.
Specifically, the "__init__.py" file in these packages contained Base64-encoded data that contained code to download a Java archive file ("JavaUpdater.jar") from a GitHub repository ("github[.]com/imystorage/storage"). It also downloads the Java Runtime Environment (JRE) from a Dropbox URL if Java is not already installed on the host, before running the JAR file.
The JAR file is a Java-based information stealer called JarkaStealer that can steal a wide range of sensitive information, including web browser data, system data, screenshots, and session tokens from various applications like Telegram, Discord, and Steam.
In the final step, the collected information is archived, transmitted to the attacker's server, and then deleted from the victim's machine. JarkaStealer has been found to be offered under a malware-as-a-service (MaaS) model via a Telegram channel for anywhere between $20 and $50, although its source code has been leaked on GitHub.
Statistics from ClickPy show that the packages were downloaded mainly by users located in the U.S., China, India, France, Germany, and Russia as part of the year-long supply chain attack campaign.
"This discovery underscores the persistent risks of software supply chain attacks and highlights the critical need for vigilance when integrating open-source components into development processes," Kaspersky researcher Leonid Bezvershenko said.
Windows 11 KB5046740 update released with 14 changes and fixes
Microsoft, Meta, and DOJ Disrupt Global Cybercrime and Fraudulent Networks
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Free online web security scanner
