Threat Actors Exploiting DeepSeek’s Rise To Fuel Cyber Attacks

The AI startup DeepSeek has gained significant attention in recent weeks for its advanced AI models, particularly the R1 reasoning model.

However, this rapid rise to fame has also attracted the unwanted attention of cybercriminals, who are exploiting DeepSeek’s popularity to launch sophisticated cyber attacks.

These threats include fake websites, malware distribution, and scams involving non-existent cryptocurrency tokens.


One of the most concerning tactics involves fake websites that mimic DeepSeek’s official site. These sites prompt users to download what appears to be DeepSeek’s AI model but instead deliver a malicious executable.

For instance, a website located at deepseek-6phm9gg3zoacooy.app-tools.info has been identified as distributing signed malware detected by ESET products as Win32/Packed.NSIS.A.

This malware is digitally signed, which can make it more convincing to unsuspecting users.

# Example of a malicious URL
https://deepseek-6phm9gg3zoacooy.app-tools.info
# Malware Detection
Win32/Packed.NSIS.A

ESET researchers noted that to further deceive users, these fake sites often have a “Download Now” button, unlike the official DeepSeek site, which does not require downloads for desktop use.

Users should be cautious of any site that prompts them to download software when using DeepSeek, as the official service can be accessed directly through a web browser.
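The following Python check is an added example, not code from the article or from ESET: it classifies requested hostnames by whether they sit under the official domain or only borrow the DeepSeek name, as the fake site above does. The official domain deepseek.com is an assumption not stated in the article, and the log lines, apart from the URL quoted above, are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the official service is served from deepseek.com (not stated in the article).
OFFICIAL_DOMAINS = {"deepseek.com"}
BRAND = "deepseek"

def hostname_of(url_or_host):
    """Lower-cased hostname from a URL or a bare host."""
    s = url_or_host.strip()
    return (urlsplit(s if "://" in s else "//" + s).hostname or "").rstrip(".")

def is_official(host):
    # Match on a label boundary so "notdeepseek.com" and "deepseek.com.evil.example" fail.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def edit_distance(a, b):
    """Levenshtein distance, to catch one-character typosquats of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url_or_host):
    host = hostname_of(url_or_host)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    tokens = [t for t in re.split(r"[.-]", host) if t]  # DNS labels, also split on '-'
    if any(BRAND in t for t in tokens):
        return "brand-impersonation"
    if any(edit_distance(t, BRAND) == 1 for t in tokens):
        return "typosquat"
    return "unrelated"

# Constructed proxy-log lines: timestamp, client IP, URL.
SAMPLE_LOG = [
    "2025-02-01T10:00:00Z 10.0.0.5 https://chat.deepseek.com/",
    "2025-02-01T10:01:00Z 10.0.0.7 https://deepseek-6phm9gg3zoacooy.app-tools.info/",
    "2025-02-01T10:02:00Z 10.0.0.9 https://deepseek.com.login.example/",
    "2025-02-01T10:03:00Z 10.0.0.9 https://deepsek.example/dl",
]

def flag(lines):
    """Return (url, verdict) for requests that are neither official nor unrelated."""
    return [(u, v) for u in (l.split()[2] for l in lines)
            if (v := classify(u)) not in ("official", "unrelated")]
```

Running flag(SAMPLE_LOG) leaves out the official chat host and returns the other three requests with their verdicts.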

Bogus Crypto Tokens and Pre-IPO Shares

Another scam involves the creation of fake DeepSeek cryptocurrency tokens on various blockchain networks.

These tokens have quickly gained significant market capitalization, despite DeepSeek explicitly stating that it has not issued any cryptocurrency.

In addition, scammers are touting non-existent DeepSeek pre-IPO shares, aiming to trick investors into parting with their money.

DeepSeek has faced intense scrutiny over its privacy and security practices. The company recently announced that it was the target of a large-scale cyberattack, leading to the suspension of new user signups.

Moreover, a database belonging to DeepSeek was found to have exposed sensitive information, including API keys and user chat prompts, to the public internet. This database has since been secured.

To protect against these threats, users should remain vigilant when encountering messages or websites claiming to be associated with DeepSeek.

It is important to verify sources by always navigating to the official DeepSeek website by typing the URL directly into your browser.

Be cautious of unsolicited offers, such as emails or social media messages that prompt urgent action or propose investment opportunities.

Strengthening your online accounts with two-factor authentication (2FA) can prevent unauthorized access, and using multilayered security software on all devices adds an extra layer of protection.
