Kaspersky uncovers year-long PyPI supply chain attack using AI chatbot tools as lure

The malicious packages, which were available on PyPI since November 2023, received over 1,700 downloads across more than 30 countries before being identified and removed. According to PyPI statistics from third-party monitoring services, the highest activity was reported in the United States, China, France, Germany, and Russia. However, the campaign does not appear to target any specific organization or geographic region, and all victims appear to be individual users.

Kaspersky GReAT identified the threat using its internal automated system designed to monitor open-source repositories. The packages were disguised as Python wrappers for popular AI tools, specifically ChatGPT by OpenAI and Claude AI by Anthropic. The further analysis revealed that while the packages provided legitimate AI chatbot functionality, they simultaneously installed the hidden JarkaStealer malware on users' systems.

JarkaStealer, a stealer written in Java, is capable of stealing data from various browsers, taking screenshots, collecting system information, and grabbing session tokens from applications like Telegram, Discord, Steam, and even a Minecraft cheat client. The malware's code also includes functionality to terminate browser processes, such as Chrome and Edge, in order to access and extract stored data. The collected information is then archived and exfiltrated to the attacker's server before being deleted from the infected machine.

Kaspersky GReAT also discovered that the malware's original developer is selling and distributing it through a Telegram channel and bot shop using a malware-as-a-service (MaaS) model. Additionally, Kaspersky found that JarkaStealer's source code was leaked on GitHub, enabling anyone to deploy it. Based on language artifacts found in the malware's code and advertisement in Telegram, the company’s researchers assess with medium to high confidence that the author is Russian-speaking.

"This discovery underscores the persistent risks of software supply chain attacks and highlights the critical need for vigilance when integrating open-source components into development processes. We advise organizations to implement stringent verification and integrity checks to ensure the legitimacy and security of the software and dependencies they use, particularly when integrating exciting new technologies like AI," said Leonid Bezvershenko, a security researcher at Kaspersky GReAT.

Kaspersky has reported its findings to PyPI, ensuring the removal of the malicious packages from the repository. The company continues to actively monitor for any activity related to JarkaStealer and other suspicious uploads to open-source platforms, including PyPI, to safeguard the software supply chain.

The detailed research on JarkaStealer and its use in the recent PyPI supply chain attack has been published on the Kaspersky Threat Intelligence Portal. In addition, findings from Kaspersky GReAT regarding risks in open-source ecosystems have been integrated into the Kaspersky Open Source Software Threats Data Feed. This feed is designed to help organizations proactively defend against supply chain attacks by providing real-time intelligence on malicious activity targeting open-source platforms.

About Global Research & Analysis Team 

Established in 2008, Global Research & Analysis Team (GReAT) operates at the very heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware, and underground cyber-criminal trends across the world. Today GReAT consists of 40+ experts working globally – in Europe, Russia, Latin America, Asia, Middle East. Talented security professionals provide company leadership in anti-malware research and innovation, bringing unrivaled expertise, passion and curiosity to the discovery and analysis of cyberthreats.