- McAfee researchers find a “cocktail” of malware hiding behind fake DeepSeek applications
- The campaign targets people looking for the generative AI tool
- Infostealers, cryptominers and more are deployed this way
The media hype around DeepSeek is the next big thing cybercriminals are exploiting in their hacking campaigns, say researchers at McAfee Labs.
The team explained how they saw cybercriminals create various websites offering different versions of DeepSeek for download. Victims would reach these websites through search engines, which also means that some SEO poisoning was involved in the campaign.
When they reach the websites and download the software, victims are infected with a “malware cocktail”, ranging from keyloggers and password stealers to cryptominers. These malware variants can steal sensitive information (including banking credentials and cryptocurrency wallet information) and can force the infected computer to mine cryptocurrency, making it useless for almost anything else.
Faked
While on some websites victims are invited to download a DeepSeek application or program, on others the devil is in the CAPTCHA.
In some cases observed by McAfee, victims would visit a website with a CAPTCHA that can be “solved” by copying and pasting a command into the Run dialog on Windows. This command downloads and executes a malicious dropper.
To stay safe, remain vigilant at all times. Instead of “Googling” for something, visit the website directly, and if you do not know the address, examine each link returned by the search engine.
In addition, a real CAPTCHA will never ask you to paste a command into the Run dialog.
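A defender-side check for the fake-CAPTCHA technique, added here as an example that is not from McAfee or the original article: Windows records commands entered in the Run dialog under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU`, so exported values can be triaged for entries that pair a launcher binary with a remote source. The indicator lists, function names and sample values below are constructed assumptions.

```python
import re

# Heuristic, not exhaustive: Windows binaries able to fetch or run remote content.
LAUNCHER = re.compile(
    r"\b(powershell|pwsh|mshta|cmd|curl|certutil|bitsadmin|msiexec|wscript|cscript)"
    r"(\.exe)?\b",
    re.I,
)
REMOTE = re.compile(r"\b(?:https?|ftp)://", re.I)
LURE = re.compile(r"captcha|not a robot|verif", re.I)

# Constructed sample of exported RunMRU values (not real indicators).
# MRUList gives the order, newest first; Explorer appends "\1" to each entry.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "cmd\\1",
    "c": "mshta https://verify.example.invalid/check.hta # CAPTCHA verification ID 4821\\1",
}


def reasons_for(command: str) -> list[str]:
    """Return the indicators that a Run-dialog command matches."""
    reasons = []
    if LAUNCHER.search(command):
        reasons.append("launcher")
    if REMOTE.search(command):
        reasons.append("remote-source")
    if LURE.search(command):
        reasons.append("captcha-lure-text")
    return reasons


def triage_runmru(values: dict[str, str]) -> list[tuple[str, str, list[str]]]:
    """Flag entries that pair a launcher with a remote source, newest first."""
    flagged = []
    for name in values.get("MRUList", ""):
        command = values.get(name, "").removesuffix("\\1")
        reasons = reasons_for(command)
        if "launcher" in reasons and "remote-source" in reasons:
            flagged.append((name, command, reasons))
    return flagged


if __name__ == "__main__":
    for name, command, reasons in triage_runmru(SAMPLE_RUNMRU):
        print(f"RunMRU value {name!r}: {command} -> {', '.join(reasons)}")
```

A launcher on its own (`cmd`) is normal Run-dialog use and is not flagged; the pairing with a remote source is what matches a command that downloads and executes something.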
Hackers are known to exploit current trends to distribute malware. Similar campaigns were observed when ChatGPT was released, both for Windows and Android.
Major events, such as Black Friday and Cyber Monday, the Olympic Games, the World Cup and others, have all been abused in the past. The COVID-19 outbreak, the Russian-Ukrainian war and the American presidential elections all served as platforms for theft, malware distribution and wire fraud.




