DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs.
kaspersky previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing. But lately, threat actors have begun using malvertising to exploit the demand for chatbots. For instance, kaspersky researchers have recently discovered a new malicious campaign distributing previously unknown malware through a fake DeepSeek-R1 LLM environment installer. The malware is delivered via a phishing site that masquerades as the official DeepSeek homepage. The website was promoted in the search results via Google Ads.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- North Korea Turns Against New Targets?!
February 19, 2019
Over the past few weeks, we have been monitoring suspicious activity directed against Russian-based companies that exposed a predator-prey relationship that we had not seen before. For the first time we were observing what seemed to be a coordinated North Korean attack against Russian entities. While attributing attacks to a certain threat group or another is ...
- Hackers Use Compromised Banks as Starting Points for Phishing Attacks
February 19, 2019
Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries. In a report released today and shared with BleepingComputer, international security company Group-IB specialized in preventing cyber attacks describes a so called cross-border domino-effect that can lead to spreading an infection beyond the initial ...
- When Cyberattacks Pack a Physical Punch
February 18, 2019
Physical security goes hand in hand with cyberdefense. What happens when – as we see all too often – the physical side is overlooked? More than one in 10 data breaches now involve “physical actions,” according to a recent report. These include leveraging physical devices to aid an attack, but also hacks that involve breaking into hardware ...
- Cisco’s warning: Patch this default Network Assurance Engine password bug
February 13, 2019
Cisco is urging customers to install an update that fixes a high-severity issue affecting its Network Assurance Engine (NAE) for managing data-center networks. The bug, tracked as CVE-2019-1688, could allow an attacker to use a flaw in the password-management system of NAE to knock out an NAE server and cause a denial of service. NAE is an ...
- New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info
February 13, 2019
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules. According to Cybereason’s Nocturnus team which discovered the new Astaroth strain, just like previous instalments, the malware uses “legitimate, built-in Windows OS processes to perform malicious activities and deliver a payload without being ...
- Snapd Flaw Lets Attackers Gain Root Access On Linux Systems
February 13, 2019
Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed “Dirty_Sock” and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the maker ...