DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs.
kaspersky previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing. But lately, threat actors have begun using malvertising to exploit the demand for chatbots. For instance, kaspersky researchers have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. The website was promoted in the search results via Google Ads.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- DoorDash says personal information of customers, dashers stolen in data breach
November 18, 2025
DoorDash confirmed a data breach that exposed the names, email addresses, phone numbers and physical addresses of some of its users, including customers, dashers and merchants. In a Help Center article published Nov. 13, DoorDash said that although hackers stole personal information from users, “no sensitive information was accessed by the unauthorized third party,” and the ...
- Hackers claim to have hit Under Armour in massive data breach
November 18, 2025
The notorious Everest ransomware group has claimed sportswear maker and retailer Under Armour as its latest victim – with the group posting what it claims is a sample of ‘more than millions of personal data’ and internal company data onto a dark web site. The dark leak site post claims the hackers have accessed and exfiltrated ...
- Active Exploitation Reported for CVE-2025-11001 in 7-Zip
November 18, 2025
Active exploitation of CVE-2025-11001 has been observed in the wild. A security researcher has also publicly released a proof-of-concept (PoC) exploit for CVE-2025-11001. The PoC allows attackers to abuse symbolic-link handling to write files outside of the intended extraction folder, which in some scenarios, can enable arbitrary code execution. Read more… Source: NHS Digital Sign up for the Cyber ...
- Microsoft says Azure was hit with a massive DDoS attack launched from over 500,000 IP addresses
November 18, 2025
Microsoft has said it successfully mitigated, “the largest DDoS attack ever observed in the cloud” after cybercriminals running the Aisuru botnet targeted a single endpoint, located in Australia. The attack was a sight to behold: more than 500,000 source IPs, across various regions, descended upon the endpoint, delivering a multi-vector Distributed Denial of Service (DDoS) attack ...
- Google Releases Security Update for Chrome
November 18, 2025
Google has released security updates for Chrome to address two high severity vulnerabilities in the V8 JavaScript engine. CVE-2025-13223 – Type Confusion in V8 – High severity – Google is aware an exploit exists in the wild. CVE-2025-13224 – Type Confusion in V8 – High severity Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest ...
- Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT
November 14, 2025
Palo Alto Unit 42 researchers have identified two interconnected malware campaigns active throughout 2025, using large-scale brand impersonation to deliver Gh0st remote access Trojan (RAT) variants to Chinese-speaking users. From the first campaign to the second, the adversary advanced from simple droppers to complex, multi-stage infection chains that misuse legitimate, signed software to bypass modern defenses. ...