
ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

Nov 22, 2024 | Ravie Lakshmanan | Artificial Intelligence / Malware

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.

The packages, named gptplus and claudeai-eng, were uploaded by a user named “Xeroline” in November 2023, attracting 1,748 and 1,826 downloads, respectively. Both libraries are no longer available for download from PyPI.

“The malicious packages were uploaded to the repository by one author and, in fact, differed from each other only in name and description,” Kaspersky said in a post.

The packages purported to offer a way to access the GPT-4 Turbo API and the Claude AI API, but harbored malicious code that initiated the deployment of the malware upon installation.

Specifically, the “__init__.py” file in these packages contained Base64-encoded data that decoded to code for downloading a Java archive file (“JavaUpdater.jar”) from a GitHub repository (“github[.]com/imystorage/storage”). If Java was not already installed on the host, the code also downloaded the Java Runtime Environment (JRE) from a Dropbox URL before running the JAR file.
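For reviewers vetting a dependency before install, the pattern described above (a Base64 blob in `__init__.py` that decodes to download-and-run code) can be checked statically. The following is an added example, not code from the article or from Kaspersky: it parses the file with `ast` without importing it, and the indicator list, length threshold, and sample input are assumptions constructed for illustration.

```python
import ast
import base64
import binascii
import re

# Assumed heuristic: decoded text that fetches from the network or spawns a process.
SUSPICIOUS = re.compile(
    r"https?://|urllib|requests\.|subprocess|os\.system|\bexec\(|\beval\(|\.jar\b",
    re.IGNORECASE,
)
B64_RE = re.compile(r"^[A-Za-z0-9+/\s]+={0,2}$")
MIN_LEN = 40  # skip short literals that merely look like Base64


def decode_if_base64(value):
    """Return decoded UTF-8 text if value is a plausible Base64 blob, else None."""
    if isinstance(value, bytes):
        value = value.decode("ascii", errors="replace")
    if not isinstance(value, str) or len(value) < MIN_LEN or not B64_RE.match(value):
        return None
    try:
        return base64.b64decode(value).decode("utf-8")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None


def scan_source(source, filename="__init__.py"):
    """Parse (never import) the file; flag literals that decode to code-like text."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Constant):
            continue
        decoded = decode_if_base64(node.value) or ""
        hits = sorted({m.group(0).lower() for m in SUSPICIOUS.finditer(decoded)})
        if hits:
            findings.append({"line": node.lineno, "indicators": hits})
    return findings


# Constructed sample: inert text, Base64-encoded inside a fake __init__.py.
_TEXT = (
    "# constructed sample text\n"
    "import urllib.request, subprocess\n"
    'URL = "https://example.invalid/placeholder.jar"\n'
)
SAMPLE_INIT = 'import base64\n_DATA = "%s"\n' % base64.b64encode(_TEXT.encode()).decode()

if __name__ == "__main__":
    print(scan_source(SAMPLE_INIT))
```

Run it against files unpacked from an sdist or wheel (for example after `pip download --no-deps`), not against an installed package, since installation is the step that triggers the code.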


The JAR file is a Java-based information stealer called JarkaStealer that can steal a wide range of sensitive information, including web browser data, system data, screenshots, and session tokens from various applications like Telegram, Discord, and Steam.

In the final step, the collected information is archived, transmitted to the attacker’s server, and then deleted from the victim’s machine. JarkaStealer has been found to be offered under a malware-as-a-service (MaaS) model via a Telegram channel for anywhere between $20 and $50, although its source code has been leaked on GitHub.

Statistics from ClickPy show that the packages were downloaded mainly by users located in the U.S., China, India, France, Germany, and Russia as part of the year-long supply chain attack campaign.

“This discovery underscores the persistent risks of software supply chain attacks and highlights the critical need for vigilance when integrating open-source components into development processes,” Kaspersky researcher Leonid Bezvershenko said.
