• Watch out - that DeepSeek installer could be damaging malware

    From TechnologyDaily@1337:1/100 to All on Thu Jun 12 16:30:08 2025
    Watch out - that DeepSeek installer could be damaging malware

    Date:
    Thu, 12 Jun 2025 15:08:00 +0000

    Description:
    Fake DeepSeek website found serving dangerous malware instead of the popular app.

    FULL STORY ======================================================================
    Kaspersky finds fake DeepSeek app being promoted through Google Ads
    The app bundles legitimate software with malware
    The malware relays sensitive data to attacker-controlled servers

    Cybersecurity researchers from Kaspersky have spotted a new malware distribution campaign abusing DeepSeek as a lure.

    In a report, the experts say unidentified hackers created a spoofed version of the DeepSeek-R1 website, on which they hosted Ollama or LM Studio, tools that enable users to run large language models (LLMs) locally on their computer, without needing an internet connection.

    However, the tools were bundled with a piece of malware called BrowserVenom, which configures web browsers to channel all traffic through the attackers' server. As a result, any sensitive data, such as credentials, moves through malicious servers first, where it can easily be picked up.

    BrowserVenom

    The site was being advertised through Google Ads. When victims clicked the download button, the site first checked which operating system they were using and, if they were on Windows, served the malware.

    Other OS users were not targeted, but Windows users had to pass a CAPTCHA, after which they were served the malware.

    Kaspersky says that BrowserVenom bypasses Windows Defender's protection with a special algorithm, but did not elaborate further. It did stress that the infection process requires admin privileges for the Windows user profile, and otherwise won't even run.
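
    The story does not say how BrowserVenom forces the proxy, so the following added example (not from Kaspersky or the original article) audits two common mechanisms as an assumption: manual proxy or PAC preferences in a Firefox prefs.js, and proxy switches on a Chromium-based browser's launch command line. The function names, the approved-proxy list and all sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Real Firefox preference names and Chromium switches; all sample values are constructed.
FIREFOX_PREF = re.compile(r'user_pref\("(network\.proxy\.[\w.]+)",\s*(.+?)\);')
CHROMIUM_FLAG = re.compile(r'(--proxy-(?:server|pac-url))[=\s]+"?([^"\s]+)')

def proxy_host(value):
    """Extract the host from 'host:port' or 'scheme://host:port'."""
    if "://" not in value:
        value = "//" + value
    return urlsplit(value).hostname or value

def audit_firefox_prefs(prefs_text, approved=frozenset()):
    """Flag a manual proxy or PAC URL in prefs.js that is not on the approved list."""
    prefs = {k: v.strip().strip('"') for k, v in FIREFOX_PREF.findall(prefs_text)}
    findings = []
    mode = prefs.get("network.proxy.type")
    if mode == "1":  # 1 = manual proxy configuration
        for key in ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks"):
            host = prefs.get(key)
            if host and host not in approved:
                findings.append(f"firefox {key}={host}:{prefs.get(key + '_port', '?')}")
    elif mode == "2":  # 2 = proxy auto-config (PAC) URL
        url = prefs.get("network.proxy.autoconfig_url", "")
        if proxy_host(url) not in approved:
            findings.append(f"firefox PAC url={url}")
    return findings

def audit_chromium_cmdline(cmdline, approved=frozenset()):
    """Flag proxy switches in a Chromium-based browser's launch command line."""
    return [f"chromium {flag}={value}"
            for flag, value in CHROMIUM_FLAG.findall(cmdline)
            if proxy_host(value) not in approved]

# Constructed sample input: 203.0.113.10 is a documentation-range address.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "203.0.113.10");
user_pref("network.proxy.http_port", 8080);
'''
SAMPLE_CMDLINE = (r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                  r'--proxy-server="http://203.0.113.10:8080"')

if __name__ == "__main__":
    for finding in audit_firefox_prefs(SAMPLE_PREFS) + audit_chromium_cmdline(SAMPLE_CMDLINE):
        print("REVIEW:", finding)
```

    Passing the organisation's legitimate proxy hosts as `approved` keeps expected settings out of the findings.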

    Most victims were located in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt, Kaspersky added, but did not say how many people were affected.

    "While running large language models offline offers privacy benefits and reduces reliance on cloud services, it can also come with substantial risks if proper precautions aren't taken," commented Kaspersky's Security Researcher, Lisandro Ubiedo.

    "Cybercriminals are increasingly exploiting the popularity of open-source AI tools by distributing malicious packages and fake installers that can covertly install keyloggers, cryptominers, or infostealers. These fake tools compromise a user's sensitive data and pose a threat, particularly when users have downloaded them from unverified sources."



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/watch-out-that-deepseek-installer-could-be-damaging-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)