DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs.
kaspersky previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing. But lately, threat actors have begun using malvertising to exploit the demand for chatbots. For instance, kaspersky researchers have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. The website was promoted in the search results via Google Ads.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Black Basta ransomware group suspected in Ascension data theft incident
June 13, 2024
U.S. healthcare provider Ascension has provided more details of its “cyber security event” last month, admitting that data was stolen, with some reports also suggesting that the Black Basta ransomware gang was behind the attack. One of the largest nonprofit and Catholic health systems in the U.S. and also the second-largest operator of hospitals in the ...
- Bluetooth tracking device company Tile data compromised in data breach
June 13, 2024
Another day, another data breach. Tile has fallen victim to a mammoth data breach, with cybercriminals stealing sensitive consumer data like names, physical addresses, and phone numbers, and even accessing tools that process location requests made by law enforcement. In addition to stealing personal data en masse, hackers have also demanded a ransom from Tile’s parent ...
- DISGOMOJI Malware Used to Target Indian Government
June 13, 2024
In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137. The malware used in these recent campaigns, which Volexity tracks as DISGOMOJI, is written in Golang and compiled for Linux systems. Volexity assesses with high confidence that UTA0137 has espionage-related objectives and a remit ...
- Cinterion EHS5 3G UMTS/HSPA Module Research
June 13, 2024
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many product developers do not think of protecting their device from a potential modem compromise. ...
- Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day
June 12, 2024
The Cardinal cybercrime group (aka Storm-1811, UNC4393), which operates the Black Basta ransomware, may have been exploiting a recently patched Windows privilege escalation vulnerability as a zero-day. The vulnerability (CVE-2024-26169) occurs in the Windows Error Reporting Service. If exploited on affected systems, it can permit an attacker to elevate their privileges. The vulnerability was patched on ...
- Quebec: Police arrest three in connection with massive Desjardins data breach
June 12, 2024
Laval police say they arrested three suspects Wednesday in connection to a massive data breach at Desjardins Group made public in 2019. The data breach at the Quebec-based credit union is thought to be one of the largest ever among Canadian financial institutions, affecting roughly 4.2 million people and 173,000 businesses. The leaked information includes names, ...