Friday, February 28, 2025

Fake DeepSeek AI Websites Target Users With Malware and Data Theft

Cybercriminals are wasting no time exploiting the buzz around DeepSeek, a Chinese AI chatbot that launched just a month ago. Security researchers have uncovered a wave of fraudulent websites mimicking DeepSeek, tricking unsuspecting users into handing over sensitive personal information and installing malware.

Fake DeepSeek Websites Flood the Internet

Researchers at ThreatLabz have identified multiple imposter sites designed to look like official DeepSeek platforms. These sites, including deepseeksol[.]com, deepseeksky[.]com, deepseek[.]app, and deepseekaiagent[.]live, lure visitors with promises of AI-driven interactions but have a far more sinister agenda.

The goal is clear: steal personal data and distribute malware. Once a user engages with these fake sites, they are prompted to register, leading them through a deceptive process that ultimately compromises their security.

Malware Tactics: How Users Get Trapped

The attack follows a multi-step infection process:

  1. Registration Trap: Victims are asked to sign up on the fake DeepSeek site.
  2. Fake CAPTCHA: A phony verification page appears, seemingly part of the process.
  3. Clipboard Hijacking: Malicious JavaScript quietly places a PowerShell command onto the user’s clipboard.
  4. Malware Installation: If executed, the command downloads and installs Vidar, a notorious information stealer.

Vidar is built to extract sensitive data, including passwords, personal files, and cryptocurrency wallets.

The Role of Social Media in Concealing the Attack

Threat actors behind this operation are leveraging Telegram to mask their command-and-control (C2) infrastructure, making detection and takedown efforts more challenging. The researchers noted that Vidar actively scans infected devices for cryptocurrency wallets, searching through registry keys and file paths to extract valuable assets.

In addition to targeting crypto wallets, Vidar also hunts for saved login credentials, stored cookies, and other sensitive information, maximizing the potential damage to victims.

How to Stay Safe from DeepSeek Impersonation Attacks

To reduce the risk of falling victim to these fraudulent sites, security experts recommend the following:

  • Verify Website Authenticity: Always check the official DeepSeek website and avoid unfamiliar domains.
  • Avoid Running Untrusted Scripts: Be cautious when copying and pasting commands into PowerShell or terminal windows.
  • Enable Strong Security Measures: Use reputable antivirus software and endpoint detection tools.
  • Watch for Red Flags: Unexpected registration requirements and CAPTCHA requests on lesser-known sites can indicate fraud.
  • Educate Users: Organizations should train employees to spot phishing attempts and brand impersonation schemes.
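For teams that want to automate the first recommendation, the sketch below flags hostnames in DNS or proxy logs that carry the DeepSeek brand string but do not belong to an official domain; it accepts the defanged form used for the indicators above. It is an added example, not code from ThreatLabz or DeepSeek: the official-domain allowlist, the log layout and the sample hostnames are assumptions constructed for illustration.

```python
import re

BRAND = "deepseek"
# Assumption: the vendor's real registrable domain; confirm before deploying.
OFFICIAL_DOMAINS = {"deepseek.com"}
LEET = str.maketrans({"0": "o", "1": "l", "3": "e"})  # undo digit-for-letter swaps


def refang(indicator):
    """Reduce a URL or defanged indicator to a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)   # drop scheme
    s = re.split(r"[/?#]", s, maxsplit=1)[0]      # drop path, query, fragment
    s = s.rsplit("@", 1)[-1].split(":", 1)[0]     # drop userinfo and port
    return s.rstrip(".")


def is_official(host):
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def is_impersonation(indicator):
    """True when the hostname carries the brand but is not an official domain."""
    host = refang(indicator)
    squashed = host.replace("-", "").translate(LEET)
    return BRAND in squashed and not is_official(host)


def scan(log_lines):
    """Return (client, hostname) pairs for lookups of brand-lookalike hosts."""
    hits = []
    for line in log_lines:
        _ts, client, queried = line.split()[:3]
        if is_impersonation(queried):
            hits.append((client, refang(queried)))
    return hits


# Constructed DNS log lines: timestamp, client, queried name.
SAMPLE_LOG = [
    "2025-02-27T09:14:03Z ws-014 chat.deepseek.com",
    "2025-02-27T09:15:41Z ws-014 deepseek-signup.example.net",
    "2025-02-27T09:16:10Z ws-022 deepseek.com.login.example.net",
    "2025-02-27T09:17:55Z ws-031 d33p-seek.example.org",
]

if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG):
        print(f"{client} looked up lookalike host {host}")
```

A substring match like this will also flag legitimate third-party sites that mention the brand in their hostname, so treat hits as leads for review rather than as a blocklist.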

Fake AI websites are becoming a favored tactic for cybercriminals, preying on users eager to explore new technology. Staying informed and vigilant is the best defense against these evolving threats.

Davis Emily
Emily is a versatile and passionate content writer with a talent for storytelling and audience engagement. With a degree in English and expertise in SEO, she has crafted compelling content for various industries, including business, technology, healthcare, and lifestyle, always capturing her unique voice.
