Threat Actors Exploiting DeepSeek’s Rise To Fuel Cyber Attacks
The post Threat Actors Exploiting DeepSeek’s Rise To Fuel Cyber Attacks appeared first on Cyber Security News.
The AI startup DeepSeek has gained significant attention in recent weeks for its advanced AI models, particularly the R1 reasoning model.
However, this rapid rise to fame has also attracted the unwanted attention of cybercriminals, who are exploiting DeepSeek’s popularity to launch sophisticated cyber attacks.
These threats include fake websites, malware distribution, and scams involving non-existent cryptocurrency tokens.
One of the most concerning tactics involves fake websites that mimic DeepSeek’s official site. These sites prompt users to download what appears to be DeepSeek’s AI model but instead deliver a malicious executable.
For instance, a website located at `https://deepseek-6phm9gg3zoacooy.app-tools.info` has been identified as distributing signed malware detected by ESET products as Win32/Packed.NSIS.A.
This malware is digitally signed, which can make it more convincing to unsuspecting users.
```
# Example of a malicious URL
https://deepseek-6phm9gg3zoacooy.app-tools.info
# Malware Detection
Win32/Packed.NSIS.A
```
ESET researchers noted that to further deceive users, these fake sites often have a “Download Now” button, unlike the official DeepSeek site, which does not require downloads for desktop use.
Users should be cautious of any site that prompts them to download software when using DeepSeek, as the official service can be accessed directly through a web browser.
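The pattern described above, a brand name embedded in a hostname that does not belong to the vendor, plus a download the real service never asks for, can be checked in web-proxy logs. The following Python sketch is an added example, not code from ESET or the original article; the `deepseek.com` allowlist, the four-field log format and every sample host other than the `app-tools.info` one are assumptions or constructed values.

```python
import re
from urllib.parse import urlsplit

BRAND = "deepseek"
# Assumption: domains this organisation treats as official; adjust locally.
OFFICIAL_DOMAINS = {"deepseek.com"}
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg", ".zip")
LEET = str.maketrans("0135", "oles")  # digit-for-letter swaps in lookalikes

def is_official(host):
    """True only for an official domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def classify(url):
    """Return None, 'lookalike' or 'lookalike-download' for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host or is_official(host):
        return None
    # Match on the hostname only: the brand in a path or query is harmless.
    squashed = re.sub(r"[^a-z0-9]", "", host).translate(LEET)
    if BRAND not in squashed:
        return None
    if parts.path.lower().endswith(INSTALLER_EXT):
        return "lookalike-download"
    return "lookalike"

def scan(log_text):
    """Yield (timestamp, client, url, verdict) for flagged proxy-log lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        ts, client, _method, url = fields
        verdict = classify(url)
        if verdict:
            yield ts, client, url, verdict

# Constructed sample log; only the app-tools.info host comes from the article.
SAMPLE_LOG = """\
2025-02-01T09:14:02Z 10.0.0.21 GET https://www.deepseek.com/
2025-02-01T09:15:40Z 10.0.0.37 GET https://deepseek-6phm9gg3zoacooy.app-tools.info/
2025-02-01T09:15:44Z 10.0.0.37 GET https://d33pseek-ai.example/setup/installer.exe
2025-02-01T09:16:10Z 10.0.0.52 GET https://www.deepseek.com.login-portal.example/
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Substring matching on a brand name will also flag unrelated hosts that happen to contain it, so the output is best treated as a triage queue rather than a block list.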