DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs.
kaspersky previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing. But lately, threat actors have begun using malvertising to exploit the demand for chatbots. For instance, kaspersky researchers have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. The website was promoted in the search results via Google Ads.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021
January 19, 2024
While publicly reported and patched in October 2023, Mandiant and VMware Product Security have found UNC3886, a highly advanced China-nexus espionage group, has been exploiting CVE-2023-34048 as far back as late 2021. These findings stem from Mandiant’s continued research of the novel attack paths used by UNC3886, which historically focuses on technologies that are unable to ...
- Ukrainian hackers steal construction plans for 500 Russian military sites
January 18, 2024
Hackers from the group Blackjack, purportedly affiliated with Ukraine’s SBU security service, have breached a Russian state enterprise involved in construction work for the Russian military, and downloaded over 1.2 TB of data, a Ukrainian law enforcement source told NV on Jan. 18. The data from Russia’s Main Military Construction Directorate for Special Projects included more ...
- Chinese drones may pose security risks, US agencies warn
January 18, 2024
Chinese-made drones could pose a national security risk to the United States due to laws in China that force companies to provide authorities access to user data, two U.S. agencies say in a new memo. These “unmanned aircraft systems,” or UAS, are often used by operators of critical infrastructure in the United States without regard to ...
- Update Chrome – Google patches actively exploited zero-day vulnerability
January 18, 2024
Google has released an update for Chrome which includes four security fixes, including one for a vulnerability that has reportedly already been exploited. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up ...
- TA866 returns with a large Email campaign
January 18, 2024
Proofpoint researchers identified the return of TA866 to email threat campaign data, after a nine-month absence. On January 11, 2024, Proofpoint blocked a large volume campaign consisting of several thousand emails targeting North America. Invoice-themed emails had attached PDFs with names such as “Document_.pdf” and various subjects such as “Project achievements”. The PDFs contained OneDrive ...
- Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
January 18, 2024
Over the years, TAG has analyzed a range of persistent threats including COLDRIVER (also known as UNC4057, Star Blizzard and Callisto), a Russian threat group focused on credential phishing activities against high profile individuals in NGOs, former intelligence and military officers, and NATO governments. In order to gain the trust of targets, COLDRIVER often utilizes impersonation ...