Subj : Watch out - that DeepSeek installer could be damaging malware
To   : All
From : TechnologyDaily
Date : Thu Jun 12 2025 16:30:08

Date: Thu, 12 Jun 2025 15:08:00 +0000

Description: Fake DeepSeek website found serving dangerous malware instead of the popular app.

FULL STORY
======================================================================

- Kaspersky finds fake DeepSeek app being promoted through Google Ads
- The app bundles legitimate software with malware
- The malware relays sensitive data to attacker-controlled servers

Cybersecurity researchers from Kaspersky have spotted a new malware distribution campaign abusing DeepSeek as a lure.

In a report, the experts say unidentified hackers created a spoofed version of the DeepSeek-R1 website, on which they hosted Ollama or LM Studio, tools which enable users to run large language models (LLMs) locally on the computer, without needing an internet connection.

However, the tools were bundled with a piece of malware called BrowserVenom, which configures web browsers to channel all traffic through the attackers' server. As a result, any sensitive data, such as credentials, moves through malicious servers first, where it can easily be picked up.

BrowserVenom

The site was being advertised through Google Ads. When victims clicked the download button, the site first checked which operating system they were using and, if they were on Windows, served the malware. Users of other operating systems were not targeted, but Windows users had to pass a CAPTCHA before being served the malware.

Kaspersky says that BrowserVenom bypasses Windows Defender's protection with a special algorithm, but did not elaborate further. It did stress that the infection process requires admin privileges for the Windows user profile, and otherwise won't even run.
Most victims were located in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt, Kaspersky added, but did not say how many people were affected.

"While running large language models offline offers privacy benefits and reduces reliance on cloud services, it can also come with substantial risks if proper precautions aren't taken," commented Kaspersky's Security Researcher, Lisandro Ubiedo.

Cybercriminals are increasingly exploiting the popularity of open-source AI tools by distributing malicious packages and fake installers that can covertly install keyloggers, cryptominers, or infostealers. These fake tools compromise a user's sensitive data and pose a threat, particularly when users have downloaded them from unverified sources.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/watch-out-that-deepseek-installer-could-be-damaging-malware

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)