The release of DeepSeek-R1, a reasoning large language model, in early 2025 attracted cybercriminals due to its popularity and availability both for local use and as a free service.
Cybercriminals created fake websites mimicking the official DeepSeek chatbot site to distribute malicious code disguised as a client for the service.
The fake websites prompted users to download applications that contained malicious payloads, such as a Python stealer script that gathers sensitive data from victims' computers.
The malicious script is designed to collect data like browser cookies, login credentials, cryptocurrency wallet information, and more, which can lead to severe consequences for victims.
Other instances involved fake DeepSeek websites distributing Trojans through malicious installers that gain remote access to victims' computers.
Some campaigns targeted Chinese-speaking users by distributing malicious executable files associated with specific domains.
Users are advised to be cautious of links from unverified sources, especially for popular services like DeepSeek, which does not have a native Windows client.
These cybercrime campaigns use various schemes to lure victims, including distributing links through messengers, social networks, typosquatting, and affiliate programs.
The report emphasizes that digital hygiene practices and robust security solutions significantly reduce the risk of device infection and personal data loss.
Indicators of compromise, including malicious domains and MD5 hashes, are provided to help identify threats related to these campaigns.
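As an added example (not code from the original report or from DeepSeek), the script below shows how a defender would put the two detection angles above to work: matching proxy-log hostnames and file hashes against the published indicator list, and flagging typosquatted lookalikes of the brand name that the list does not yet contain. The indicator values, the legitimate-domain set, the log format and the sample log lines are all constructed placeholders; the real domains and MD5 hashes must be taken from the report itself.

```python
"""Match proxy-log hostnames and file hashes against a DeepSeek-themed IoC
list and flag typosquatted lookalikes of the brand. Example code added to
this summary; every indicator below is a constructed placeholder."""

# Placeholder indicators (constructed): swap in the domains and MD5 hashes
# published with the original report.
MALICIOUS_DOMAINS = {
    "deepseek-example-fake.test",
    "deepseek-download-placeholder.test",
}
MALICIOUS_MD5 = {
    "00000000000000000000000000000000",  # placeholder hash
}

# Domains the brand legitimately uses (assumption for this example).
LEGIT_DOMAINS = {"deepseek.com"}
BRAND = "deepseek"
MAX_EDIT_DISTANCE = 2  # edits from the brand name that still count as a lookalike


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_host(host: str) -> str:
    """Lowercase, drop any :port suffix and a trailing dot."""
    return host.lower().split(":", 1)[0].rstrip(".")


def is_legit(host: str) -> bool:
    """Exact match or subdomain of a legitimate brand domain."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def is_lookalike(host: str) -> bool:
    """True if any non-TLD label imitates the brand: it embeds the brand name
    outright, or a hyphen-separated token is within MAX_EDIT_DISTANCE of it."""
    labels = host.split(".")
    if len(labels) < 2:
        return False
    for label in labels[:-1]:  # e.g. "deepseeek-ai" from "deepseeek-ai.test"
        if BRAND in label:
            return True
        if any(levenshtein(tok, BRAND) <= MAX_EDIT_DISTANCE for tok in label.split("-")):
            return True
    return False


def classify_host(host: str) -> str:
    """Order matters: exact IoC hit, then allow-list, then lookalike heuristic."""
    host = normalize_host(host)
    if host in MALICIOUS_DOMAINS:
        return "known-malicious"
    if is_legit(host):
        return "benign"
    if is_lookalike(host):
        return "lookalike"
    return "benign"


def is_known_bad_hash(md5_hex: str) -> bool:
    """Hash lookup for downloaded installers or scripts."""
    return md5_hex.lower() in MALICIOUS_MD5


def scan_proxy_log(lines):
    """Each line: '<timestamp> <client_ip> <host> <status>' (constructed format).
    Returns (client_ip, host, verdict) for every non-benign host."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash the scan
        _, client_ip, host, _ = parts[:4]
        verdict = classify_host(host)
        if verdict != "benign":
            hits.append((client_ip, normalize_host(host), verdict))
    return hits


# Constructed sample log lines for a stand-alone run.
SAMPLE_LOG = [
    "2025-02-01T10:00:00Z 10.0.0.5 chat.deepseek.com 200",
    "2025-02-01T10:01:00Z 10.0.0.7 deepseek-example-fake.test 200",
    "2025-02-01T10:02:00Z 10.0.0.9 deepseeek-ai.test:443 200",
    "2025-02-01T10:03:00Z 10.0.0.3 DeepSeek-Win-Client.test 200",
    "2025-02-01T10:04:00Z 10.0.0.4 example.org 200",
]

if __name__ == "__main__":
    for client_ip, host, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{verdict:16} {client_ip:10} {host}")
```

The exact-match check runs before the allow-list so that a published indicator is never suppressed by the legitimate-domain set, and the lookalike heuristic runs last because it is the noisiest of the three; in practice its hits are triage candidates to feed into hash or sandbox checks, not automatic blocks.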