DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs.
kaspersky previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing. But lately, threat actors have begun using malvertising to exploit the demand for chatbots. For instance, kaspersky researchers have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. The website was promoted in the search results via Google Ads.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack
July 26, 2025
U.S. insurance giant Allianz Life has confirmed to TechCrunch that hackers stole the personal information of the “majority” of its customers, financial professionals, and employees during a mid-July data breach. When reached by TechCrunch, Allianz Life spokesperson Brett Weinberg confirmed the breach. “On July 16, 2025, a malicious threat actor gained access to a third-party, cloud-based ...
- Dating safety app Tea breached, exposing 72,000 user images
July 26, 2025
Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images. That number includes 13,000 selfies and photo IDs submitted for account verification, as well as 59,000 images from posts, comments, and direct messages, the company ...
- Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful
July 25, 2025
Unit 42 has tracked and responded to several waves of intrusion operations conducted by the cybercrime group we track as Muddled Libra (aka Scattered Spider, UNC3944) across different sectors in recent months. This article contains observations on Muddled Libra thus far in 2025 based on Unit 42 incident response insights. Unit 42 researchers share defensive recommendations ...
- ToolShell: a story of five vulnerabilities in Microsoft SharePoint
July 25, 2025
On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were performed using an exploit chain of two vulnerabilities: CVE-2025-49704 and CVE-2025-49706, publicly named “ToolShell”. Additionally, ...
- Mitel Releases Security Advisories for MiVoice MX-One and MiCollab
July 24, 2025
Mitel has released security advisories to address vulnerabilities in Mitel MiVoice MX-ONE and MiCollab, which are cloud-based platforms that help manage business communications. The critical vulnerability, which has no CVE identifier at the time of publishing this Cyber Alert, affects Mitel MiVoice MX-One and is an authentication bypass vulnerability with a CVSSv3 score of 9.4. Successful ...
- Disrupting active exploitation of on-premises SharePoint vulnerabilities
July 23, 2025
Expanded analysis and threat intelligence from Microsoft continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware. Based on new information, we have updated the Attribution, Indicators of compromise, extended and clarified Mitigation and protection guidance (including raising Step 6: Restart IIS for emphasis), Detections, and Hunting sections. Read more… Source: Microsoft Sign up for ...