DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs.
kaspersky previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing. But lately, threat actors have begun using malvertising to exploit the demand for chatbots. For instance, kaspersky researchers have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. The website was promoted in the search results via Google Ads.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Buran Ransomware; the Evolution of VegaLocker
November 5, 2019
McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REVil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40%, numbers from notorious malware families ...
- Wizard Spider Upgrades Ryuk Ransomware to Reach Deep into LANs
November 4, 2019
The Ryuk ransomware has added two features to enhance its effectiveness: The ability to target systems that are in “standby” or sleep mode; and the use of Address Resolution Protocol (ARP) pinging to find drives on a company’s LAN. Both are employed after the initial network compromise of a victim organization. Ryuk, which is distributed by ...
- Nemty Ransomware Expands Its Reach, Also Delivered by Trik Botnet
November 4, 2019
The Nemty ransomware (Ransom.Nemty), initially detected in August 2019, has increased its reach by partnering up with the Trik botnet (Trojan.Wortrik), which now delivers Nemty to compromised computers. Trik, also known as Phorpiex, has been around for approximately 10 years. In its early days, the malware self-propagated via removable USB drives, Windows Live Messenger, or Skype ...
- Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam
November 4, 2019
Researchers have discovered a new way to hack Alexa and Siri smart speakers merely by using a laser light beam. No physical access of the victims’ device, or owner interaction, is needed to launch the hack, which allows attackers to send voice assistants inaudible commands such as unlocking doors. The attack, dubbed “light commands,” leverages the ...
- BlueKeep Attacks Have Arrived, Are Initially Underwhelming
November 4, 2019
The wave of BlueKeep attacks that security experts predicted could take down systems globally have arrived, but they are not in showing the form nor the destructive impact experts initially feared. Security researchers have seen evidence of the first wave of attacks on the zero-day Windows Remote Desktop vulnerability revealed by Microsoft in May. At the time experts ...
- Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
November 1, 2019
Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing of the PoC we provided, Google confirmed there was a ...