DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs.
kaspersky previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing. But lately, threat actors have begun using malvertising to exploit the demand for chatbots. For instance, kaspersky researchers have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. The website was promoted in the search results via Google Ads.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Code Injection in Spring Cloud: CVE-2024-37084
October 18, 2024
The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. CVE-2024-37084 is a critical vulnerability affecting Spring Cloud Data Flow versions 2.11.0 through 2.11.3. A malicious user with access to the Skipper server API can exploit a flaw in the upload request process, ...
- Finland’s NBI probes wave of bank cyber attacks
October 18, 2024
Finland’s National Bureau of Investigation has opened a preliminary probe on a series of cyber attacks on the country’s financial sector. Finnish banks have been targeted in cyber attacks in recent months. In particular, Nordea Bank has been hit by several distributed denial of service (DDoS) attacks throughout the autumn. The bank has faced recurring problems ...
- Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
October 18, 2024
Last December, Kaspersky researchers discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group’s activity suggests a connection to other groups currently targeting Russia. Kaspersky researchers have seen overlaps not only in indicators of compromise and tools, but also tactics, techniques, and procedures (TTPs). Moreover, the infrastructure partially overlaps ...
- Greek police data leak exposes details of elite crime-fighting unit members
October 18, 2024
A Greek police officers association says it is planning legal action after names and details of hundreds of officers from a new elite crime-fighting agency were published on the internet. The Directorate for Combating Organised Crime, DAOE, was launched Thursday to tackle organized crime activities including contract killings, fuel smuggling and money laundering. Police officials confirmed ...
- New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
October 17, 2024
Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a configuration ...
- Europol: Charges unveiled in ongoing effort to de-anonymise DDoS group Anonymous Sudan
October 17, 2024
US authorities have unveiled this week charges against two Sudanese nationals involved in a significant Distributed-Denial-of-Service (DDoS) cybercrime network, following an international investigation that spanned multiple countries. The investigation exposed the activities of Anonymous Sudan, a prolific cybercrime group conducting destructive DDoS attacks to support their ideologically-motivated agenda. Europol coordinated the European dimension of the investigation, ...