Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ChatGPT and Anthropic Claude to deliver an information stealer called JarkaStealer.
The packages, named gptplus and claudeai-eng, were uploaded by a user named “Xeroline” in November 2023, attracting