ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

Nov 22, 2024Ravie LakshmananArtificial Intelligence / Malware

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.

The packages, named gptplus and claudeai-eng, were uploaded by a user named “Xeroline” in November 2023, attracting 1,748 and 1,826 downloads, respectively. Both libraries are no longer available for download from PyPI.

“The malicious packages were uploaded to the repository by one author and, in fact, differed from each other only in name and description,” Kaspersky said in a post.

The packages purported to offer a way to access GPT-4 Turbo API and Claude AI API, but harbored malicious code that initiated the deployment of the malware upon installation.

Specifically, the “__init__.py” file in these packages contained Base64-encoded data that contained code to download a Java archive file (“JavaUpdater.jar”) from a GitHub repository (“github[.]com/imystorage/storage”). It also downloads the Java Runtime Environment (JRE) from a Dropbox URL if Java is not already installed on the host, before running the JAR file.

The JAR file is a Java-based information stealer called JarkaStealer that can steal a wide range of sensitive information, including web browser data, system data, screenshots, and session tokens from various applications like Telegram, Discord, and Steam.

In the final step, the collected information is archived, transmitted to the attacker’s server, and then deleted from the victim’s machine. JarkaStealer has been found to be offered under a malware-as-a-service (MaaS) model via a Telegram channel for anywhere between $20 and $50, although its source code has been leaked on GitHub.

Statistics from ClickPy show that the packages were downloaded mainly by users located in the U.S., China, India, France, Germany, and Russia as part of the year-long supply chain attack campaign.

“This discovery underscores the persistent risks of software supply chain attacks and highlights the critical need for vigilance when integrating open-source components into development processes,” Kaspersky researcher Leonid Bezvershenko said.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!