The Python Package Index (PyPI) package repository has been found to contain two malicious packages leveraging the DeepSeek name. Although they were only up for around 30 minutes, the packages were downloaded 36 times. The malicious attack began on January 29, when the packages were published. They appeared to be client libraries to access and interact with the DeepSeek AI API, but instead were designed to collect user and computer data. PyPI is used by many popular package managers, so users should be careful of downloading newly released packages. 

Read more: https://helpnetsecurity.com/2025/02/03/deepseeks-popularity-exploited-to-push-malicious-packages-via-pypi/