Cybersecuritynews
Malicious PyPI Package Steals Data via Trojanized AI Proxy
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A malicious Python package named hermes-px has been identified on the Python Package Index (PyPI), disguised as a 'Secure AI Inference Proxy.' This package is designed to route AI requests through the Tor network, falsely claiming to protect user anonymity. However, it hijacks a private university's internal AI endpoint in Tunisia and exfiltrates sensitive user prompts, including a stolen prompt from Anthropic's Claude AI system. The attack method involves the covert collection of data while users believe they are using a secure service. The full scope of the impact is still being assessed, but the incident raises significant concerns about the security of third-party packages in the Python ecosystem. As of now, there are no reported patches or mitigation strategies available for this specific threat.
Key Points: • The hermes-px package on PyPI masquerades as a secure AI tool but steals user data. • It hijacks a Tunisian university's AI endpoint and exfiltrates sensitive prompts. • No patches or mitigation strategies have been reported for this malicious package.