- Fake DeepSeek websites are popping up and distributing malware
- The sites are followed by a huge promotion campaign on X
- The campaign generated more than a million views, experts warn
Cybercriminals are taking advantage of the hype surrounding AI hot-shot Deepseek to trick people into downloading malware, while evading scrutiny from security analysts, experts have warned.
Researchers at Kaspersky recently observed a sophisticated campaign consisting of compromised X accounts, coordinated bot activity, and geofencing.
The researchers said the cybercriminals created multiple websites to mimic the original Deepseek page. They set the pages up in such a way that they analyzed every visitor’s IP address, and altered the content dynamically, based on the location of the visitor. That way, they were able to display malicious content to some people, and benign content to others.
The targets were shown fake Deepseek software which granted the attackers full remote unauthorized access to their computers.
The hackers also got to advertising - stealing an X account belonging to a legitimate Australian company, and posted content that promoted the fake websites. They used a network of X bots to comment and share the content, generating more than a million views on the microblogging platform.
"Notable sophistication"
"This campaign demonstrates notable sophistication beyond typical social engineering attacks," explained Vasily Kolesnikov, senior malware analyst at Kaspersky Threat Research.
"Attackers exploited the current hype around generative AI technology, skillfully combining targeted geofencing, compromised business accounts and orchestrated bot amplification to reach a substantial audience while carefully evading cybersecurity defenses."
This is yet another proof that internet buzz does not translate to legitimacy. Cybercriminals are getting better at faking engagement, inflating download numbers, and writing fraudulent positive reviews.
To remain safe on the internet, one must be vigilant at all times. Do not trust - verify, should be the mantra, as scam campaigns get more sophisticated and more difficult to spot.
Software should always be downloaded from legitimate sources, whose URLs need to be checked meticulously. Finally, one should have a security program set up, and should keep their software up to date at all times.
You might also like
- Top ransomware gang's internal chat logs leaked online
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.