Security CompanyKaspersky issued a briefing claiming that they were PyPI Two malware packages were found in theThe toolkit masquerades as a GPT and Claude AI platform aid, but in reality isTrojan horse ransomware (computing).
1AI has learned that the two malware packages are called "gptplus" and "claudeai-eng". gptplus" claims to be able to access the GPT-4 Turbo model via OpenAI's API, while "claudeai-eng" claims to be able to access Anthropic Claude AI's API. API of Anthropic Claude AI, but in reality, they are both false propaganda.
By parsing the __init__.py file in the packages, Kaspersky researchers found that after running on the victim's device, the packages download a file called JavaUpdater.jar from the GitHub repository, which ultimately unzips and runs the JarkaStealer Trojan horse, which is capable of stealing private content such as the victim's browser data files, account token, and so on. The Trojan steals the victim's browser data files, account tokens, and other private content.
Kaspersky also said that these malware packages have been on PyPI's shelves for more than a year, during which time they have been downloaded more than 1,700 times, and called on developers to be vigilant when using third-party libraries in order to avoid becoming a member of thehackerAssault victims.