Faux ChatGPT, Claude API Packages Deliver JarkaStealer

Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.

[Nate Nelson, Contributing Writer](/author/nate-nelson)

November 22, 2024

Two Python packages claiming to integrate with popular chatbots actually transmit an infostealer to potentially thousands of victims.

Publishing open source packages with malware hidden inside is [a popular way to infect application developers](https://www.darkreading.com/threat-intelligence/targeted-pypi-package-steals-google-cloud-credentials-macos-devs), and the organizations they work for or serve as customers. In this latest case, the targets were engineers eager to make the most out of OpenAI's ChatGPT and Anthropic's Claude generative artificial intelligence (GenAI) platforms.

The packages, claiming to offer application programming interface (API) access to the chatbot functionality, [actually deliver an infostealer](https://www.kaspersky.com/blog/jarkastealer-in-pypi-packages/52640/) called "JarkaStealer."

"AI is very hot, but also, many of these services require you to pay," notes George Apostopoulos, founding engineer at Endor Labs. As a result, in malicious circles, there's an effort to attract people to free access, "and people that don't know better will fall for this."

Two Malicious "GenAI" Python Packages
-------------------------------------

About this time last year, someone created a profile with the username "Xeroline" on [the Python Package Index (PyPI)](https://www.darkreading.com/threat-intelligence/citrine-sleet-poisons-pypi-packages-mac-linux-malware), the official third-party repository for open source Python packages. Three days later, the person published two custom packages to the site. The first, "gptplus," claimed to enable API access to OpenAI's GPT-4 Turbo large language model (LLM). The second, "claudeai-eng," offered the same for ChatGPT's popular competitor, Claude.

Neither package does what it says it does, but each provides users with a half-baked substitute — a mechanism for interacting with the free demo version of ChatGPT. As Apostopoulos says, "At first sight, this attack is not unusual, but what makes it interesting is if you download it and you try to use it, it will kind of look like it works. They committed the extra effort to make it look legitimate."

Under the hood, meanwhile, the programs would drop a Java archive (JAR) file containing JarkaStealer.

JarkaStealer is a newly documented infostealer sold on the Russian-language Dark Web for just $20 — with various modifications available for $3 to $10 apiece — though its source code is also freely available on GitHub.
It's capable of all the basic stealer tasks one might expect: stealing data from the targeted system and browsers running on it, taking screenshots, and grabbing session tokens from various popular apps like Telegram, Discord, and Steam. [Its efficacy at these tasks is debatable](https://github.com/Loremas1er/JarkaSteal/blob/main/README.md).

Gptplus & claudeai-eng's Year in the Sun
----------------------------------------

The two packages managed to survive on PyPI for a year, until researchers from Kaspersky recently spotted and reported them to [the platform's moderators](https://www.darkreading.com/application-security/pypi-shuts-down-weekend-says-incident-overblown). They've since been taken offline but, in the interim, they were each downloaded more than 1,700 times, across Windows and Linux systems, in more than 30 countries, most often the United States.

Those download statistics may be slightly misleading, though, as data from the PyPI analytics site "ClickPy" shows that both — particularly [gptplus](https://clickpy.clickhouse.com/dashboard/gptplus) — experienced a huge drop in downloads after their first day, hinting that Xeroline may have artificially inflated their popularity ([claudeai-eng](https://clickpy.clickhouse.com/dashboard/claudeai-eng), to its credit, did experience steady growth during February and March).

"One of the things that [security professionals] recommend is that before you download it, you should see if the package is popular — if other people are using it. So it makes sense for the attackers to try to pump this number up with some tricks, to make it look like it's legit," Apostopoulos says.

He adds, "Of course, most average people won't even bother with this. They will just go for it, and install it."
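
The download pattern described above (a large first day followed by a collapse) can be checked mechanically before trusting a package's popularity figure. The sketch below is an added example, not code from the article, Kaspersky or ClickPy; the function names, the input format (a date-to-count mapping) and both thresholds are assumptions, and the sample histories are constructed.

```python
from datetime import date, timedelta
from statistics import median

def fill_days(counts):
    """Expand {date: downloads} into a gap-free list, oldest first; absent days count as 0."""
    start, end = min(counts), max(counts)
    return [counts.get(start + timedelta(days=d), 0) for d in range((end - start).days + 1)]

def assess_launch_spike(counts, min_days=14, share_min=0.5, ratio_min=25.0):
    """Flag a download history whose first day dwarfs everything after it.

    share_min and ratio_min are assumed thresholds, not values from the article.
    Returns None when the history is empty or too short to judge.
    """
    if not counts:
        return None
    daily = fill_days(counts)
    total = sum(daily)
    if len(daily) < min_days or total == 0:
        return None
    typical = max(median(daily[1:]), 1)   # floor at 1 so idle packages don't divide by zero
    share = daily[0] / total              # fraction of all downloads that landed on day one
    ratio = daily[0] / typical            # day one compared with a typical later day
    return {
        "first_day_share": round(share, 3),
        "spike_ratio": round(ratio, 1),
        "front_loaded": share >= share_min and ratio >= ratio_min,
    }

# Constructed sample data (not real statistics for any package).
DAY0 = date(2024, 1, 1)
SPIKY = {DAY0 + timedelta(days=d): n
         for d, n in {0: 1400, 1: 35, 2: 9, 5: 4, 9: 2, 14: 6, 20: 3, 29: 1}.items()}
STEADY = {DAY0 + timedelta(days=d): 20 + 3 * d for d in range(30)}

if __name__ == "__main__":
    for label, history in (("spiky", SPIKY), ("steady", STEADY)):
        print(label, assess_launch_spike(history))
```

A history that is not front-loaded does not clear a package: as noted above, claudeai-eng showed steady growth during February and March.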
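
For teams that want to know whether either package named in this article reached their environments, the following added example (not from the article or from Kaspersky) checks requirement files and the current Python environment for `gptplus` and `claudeai-eng`. The helper names are hypothetical, the sample requirements file and its version number are constructed, and names are compared after PEP 503 normalisation so that spellings such as `claudeai_eng` still match.

```python
import re
from importlib import metadata

# Package names taken from the article; extend with your own denylist.
REPORTED = {"gptplus", "claudeai-eng"}

def normalize(name):
    """PEP 503 normalisation: case-insensitive; runs of '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

# Leading project name of a requirements line (before extras, specifiers, markers).
_REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def flagged_requirements(lines):
    """Return (line_number, normalized_name) for requirement lines naming a reported package."""
    hits = []
    for lineno, raw in enumerate(lines, start=1):
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        if not line or line.startswith("-"):   # skip blanks and pip options (-r, -e, --hash)
            continue
        match = _REQ_NAME.match(line)
        if match and normalize(match.group(1)) in REPORTED:
            hits.append((lineno, normalize(match.group(1))))
    return hits

def flagged_installed():
    """Return sorted (name, version) for reported packages installed in this environment."""
    found = set()
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if name and normalize(name) in REPORTED:
            found.add((normalize(name), dist.version))
    return sorted(found)

# Constructed requirements file for illustration; the version number is made up.
SAMPLE_REQUIREMENTS = """\
requests>=2.31
GPTplus==2.2.0   # pinned by a teammate
claudeai_eng[extra]; python_version >= "3.8"
openai
-r other.txt
# gptplus commented out
""".splitlines()

if __name__ == "__main__":
    print("requirements:", flagged_requirements(SAMPLE_REQUIREMENTS))
    print("installed:", flagged_installed())
```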

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes ‘Malicious Life’ — an award-winning Top 20 tech podcast on Apple and Spotify — and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts ‘The Industrial Security Podcast,’ the most popular show in its field.


Blog: Dark Reading
