DeepSeek: Phishing Sites Target User Data and Cryptocurrency Wallets


Following the recent launch of China’s DeepSeek AI model, which has attracted significant global interest, a wave of malicious activity has emerged, with cybercriminals establishing phishing sites that mimic the company. These fraudulent websites are designed to trick individuals into downloading harmful software or divulging sensitive personal information.

Researchers from Memcyco, a cybersecurity firm based in Israel, have identified at least 16 distinct phishing websites that masquerade as DeepSeek. They believe this activity is indicative of a systematic campaign orchestrated by various threat actors.

Coordinated Campaign?

Israel Mazin, CEO and co-founder of Memcyco, explained that the firm has observed clusters of phishing domains emerging in sequential waves, adapting their design and content in real time based on the public perception of DeepSeek’s website. “Some sites even change their attack strategies to align with current trends for maximum effectiveness,” Mazin stated. Threat actors have demonstrated a high level of adaptability, relocating their operations frequently to evade detection and removal by authorities.

Numerous phishing sites have emerged since the introduction of DeepSeek’s free R1 AI chatbot on January 20. While many have been dismantled, slow response times from hosting services and domain registrars have allowed these phishing attempts to persist, giving scammers a chance to exploit potential users.

Individuals who engage with these deceptive sites face serious risks, including identity theft, financial exploitation, and the possibility of malware infections. Some phishing sites are equipped to capture login credentials in real time, thereby facilitating unauthorized account access. Other variants distribute malware capable of offering remote access to attackers, jeopardizing both personal and corporate data. Mazin emphasized that these scams are particularly perilous when new and exciting tools like DeepSeek draw in users unfamiliar with the legitimate platforms.

Another cybersecurity firm, Cyble, provided insights into this issue in a recent blog entry, noting that they had found several imitation domains aimed at deceiving users into thinking they were visiting the authentic DeepSeek site. Some of these sites promoted cryptocurrency scams, while others aimed to lure users with false investment opportunities, such as a fake pre-IPO sale. One fraudulent cryptocurrency site encouraged visitors to scan a QR code that, when utilized, allowed attackers to access and possibly deplete their digital wallets. Another site pushed a fictitious crypto token associated with DeepSeek.

“As DeepSeek’s notoriety grows, cybercriminals are likely to exploit its rising profile to execute various forms of phishing and fraudulent schemes,” Cyble remarked.

Phishing Isn’t the Only Threat

In addition to phishing sites, other grave threats are manifesting. Researchers from Positive Technologies have detected malicious packages such as “deepseekai” and “deepseeek” uploaded to the PyPI Python package repository. These packages target developers and organizations looking to incorporate DeepSeek into their applications, allowing malicious entities to siphon sensitive data from affected environments.

Many of the phishing sites monitored by Memcyco appear to fit the mold of phishing-as-a-service (PhaaS) offerings, which sell impersonation kits to fraudsters. “This could involve organized criminal syndicates, state-sponsored hackers, or novice phishers, all driven by financial gain or espionage motives,” Mazin explained.

The uptick in malicious activities surrounding DeepSeek is a familiar scenario following significant public interest events. This serves as a crucial reminder for users to maintain vigilance when navigating new, trending platforms. Signs such as misspelled URLs or poorly designed websites can indicate fraud, and Mazin advises users to exercise caution. “It’s imperative that domain registrars and social media platforms take proactive measures to monitor newly registered domains and profiles,” he asserted. “Furthermore, businesses should enhance their scam detection capabilities and implement real-time digital impersonation protections to ensure user safety.”

Source
www.darkreading.com
