Threat Actors Exploiting DeepSeek’s Rise to Fuel Cyber Attacks

Amid the surging popularity of DeepSeek, a cutting-edge AI reasoning model from an emerging Chinese startup, cybercriminals have wasted no time leveraging the widespread attention to launch fraudulent schemes.

While the innovative AI tool has captivated global audiences, its meteoric rise has brought with it a new wave of malicious campaigns that prey on users’ enthusiasm and curiosity.

Malware Deployments

In the days following DeepSeek’s sudden ascent, security analysts have observed an alarming increase in phishing campaigns and malware deployments exploiting its brand.

One notable example involves lookalike websites impersonating DeepSeek’s official platform.

These counterfeit domains lure unwitting users into downloading malware disguised as the AI model itself.

ESET’s cybersecurity researchers have identified one such malicious file as “Win32/Packed.NSIS.A,” planted through a fraudulent “Download Now” option a deviation from the legitimate platform’s “Start Now” call-to-action.

Adding further deceit, certain malware instances were found to be digitally signed under the name “K.MY TRADING TRANSPORT COMPANY LIMITED,” likely to lend a false sense of legitimacy.

Security researchers have also flagged several newly registered domains designed to mimic DeepSeek’s official site, many of which promote fictitious investment opportunities or fraudulent pre-IPO shares to extract sensitive financial information.

Fraudulent DeepSeek-linked cryptocurrency tokens have emerged on various blockchain networks, with some attaining millions of dollars in market capitalization.

DeepSeek has explicitly denied launching any cryptocurrencies, warning users of these scams via public statements.

Privacy and Security Vulnerabilities

DeepSeek itself has come under fire over privacy and security concerns.

Shortly after its launch, the company revealed that it had suffered a large-scale cyberattack, forcing it to temporarily halt new user registrations.

In a separate incident, cloud cybersecurity firm Wiz uncovered an exposed DeepSeek database containing sensitive information such as API keys, system logs, and user prompts.

Though the database was promptly secured, the breach highlighted vulnerabilities in its cloud infrastructure.

Moreover, research by cybersecurity specialists at KELA and Palo Alto Networks uncovered that DeepSeek’s AI models are susceptible to adversarial attacks, including “evil jailbreaks.”

These exploit weaknesses in security guardrails, enabling the generation of harmful outputs, from ransomware code to detailed instructions for creating hazardous materials.

The startup’s data collection practices have also come under scrutiny, with regulatory authorities in the United States, Ireland, and France questioning its handling of user information.

This scrutiny has drawn comparisons to the controversies surrounding other Chinese tech enterprises like TikTok.

As cybercriminals adapt their tactics to capitalize on trending technologies, user vigilance remains paramount.

Experts recommend avoiding unsolicited emails or messages promoting DeepSeek-related offers, navigating to the official website via verified URLs, and strengthening account security with two-factor authentication.

Organizations are advised to safeguard sensitive data and avoid entering proprietary information into AI systems without proper risk assessments.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free