Cyber Security News

Android Malware Disguised as DeepSeek Steals Users’ Login Credentials

A recent cybersecurity threat has emerged in the form of Android malware masquerading as the DeepSeek AI application.

This malicious software is designed to deceive users into downloading a fake version of the DeepSeek app, which then compromises their device’s security by stealing sensitive information such as login credentials.

Malware Propagation and Installation

The malware is propagated through phishing links, such as hxxps://deepsekk[.]sbs, which lead users to download a malicious APK file named DeepSeek.apk with the hash e1ff086b629ce744a7c8dbe6f3db0f68.

Android Malware Android Malware
Download page

Once installed, the app appears with the genuine DeepSeek icon in the device’s app drawer, making it difficult for users to distinguish it from the legitimate version.

Upon launching the fake app, users are prompted to update it, which requires enabling the “Allow from this source” option and installing an additional app.

This results in two instances of the malware being installed on the device, each with a different package name: com.hello.world and com.vgsupervision_kit291.

Technical Analysis and Impact

The malicious app employs advanced evasion techniques, including password protection for the APK files, which complicates analysis using standard tools like APKTool and Jadx.

However, the Android SDK tool aapt was successful in parsing the app.

The child app, com.vgsupervision_kit29, frequently prompts users to enable Accessibility Services, allowing it to gain elevated permissions on the device.

Child app installation process

According to K7 Security Labs Report, this app uses a Domain Generation Algorithm (DGA) for Command & Control (C2) communication, making it harder to track and block its activities.

The malware scans the device for installed applications and transmits this information to the C2 server, further compromising user privacy.

To protect against such threats, users are advised to download apps only from reputable platforms like Google Play and the App Store, and to keep their devices updated with the latest security patches.

Utilizing a reputable mobile security product, such as K7 Mobile Security, can also help detect and prevent these types of malware attacks.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…

2 days ago

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution…

2 days ago

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…

2 days ago

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…

2 days ago

EU Targets Stark Industries in Cyberattack Sanctions Crackdown

The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…

2 days ago

Venice.ai’s Unrestricted Access Sparks Concerns Over AI-Driven Cyber Threats

Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…

2 days ago