Cybersecurity researchers at Kaspersky have warned of a sophisticated deception campaign that exploits the rapid growth of, and public interest in, DeepSeek AI, a popular generative AI chatbot.
In a report published on Monday, the researchers at the India-based cybersecurity firm said the campaign has utilised geofencing technology, compromised business accounts and coordinated bot networks to distribute malware disguised as legitimate DeepSeek software.
Kaspersky’s Threat Research and AI Technology teams discovered that cybercriminals created deceptive replicas of the official DeepSeek website using domain names such as “deepseek-pc-ai[.]com” and “deepseek-ai-soft[.]com.”
This strategy allowed attackers to lure unsuspecting users into downloading malicious installers instead of authentic software.
Vasily Kolesnikov, senior malware analyst at Kaspersky Threat Research, noted that attackers effectively leveraged the current hype surrounding generative AI by combining targeted geofencing with compromised business accounts and orchestrated bot amplification to reach a wide audience.
“Attackers exploited the current hype around generative AI technology, skilfully combining targeted geofencing, compromised business accounts and orchestrated bot amplification to reach a substantial audience while carefully evading cybersecurity defences,” Kolesnikov said.
The primary distribution channel for this campaign was the social media platform X, where attackers compromised an Australian company’s account to disseminate fraudulent links widely.
One malicious post garnered approximately 1.2 million impressions and hundreds of reposts from coordinated bot accounts designed to amplify the harmful content.
Visitors who clicked on these fraudulent links were directed to download a counterfeit DeepSeek client application.
Instead of genuine software, they received compromised installers that contacted remote command-and-control servers to execute Base64-encoded PowerShell scripts.
These scripts activated Windows’ built-in SSH service, allowing unauthorised access to affected systems.
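For defenders, the behaviour described above can be hunted for in process-creation logs. The following is an added example, not code from Kaspersky's report: it assumes the Base64 script is passed to PowerShell through its `-EncodedCommand` argument (Base64 over UTF-16LE text), and the sample command lines and function names are constructed for illustration.

```python
import base64
import binascii
import re

# A flag followed by a long Base64-looking argument; the flag name is checked separately.
FLAG_ARG = re.compile(r"[-/](\w+)\s+([A-Za-z0-9+/]{16,}={0,2})")
# Markers that the built-in OpenSSH server is being installed, enabled or given keys.
SSH_MARKERS = re.compile(r"\bsshd\b|OpenSSH\.Server|authorized_keys", re.IGNORECASE)

def is_encoded_flag(flag):
    """PowerShell accepts any prefix of -EncodedCommand, plus the -ec alias."""
    flag = flag.lower()
    return flag == "ec" or "encodedcommand".startswith(flag)

def decode_payloads(command_line):
    """Return the decoded script for each -EncodedCommand argument on the line."""
    lowered = command_line.lower()
    if "powershell" not in lowered and "pwsh" not in lowered:
        return []
    scripts = []
    for flag, blob in FLAG_ARG.findall(command_line):
        if not is_encoded_flag(flag):
            continue
        try:
            scripts.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid Base64 or not UTF-16LE text
    return scripts

def flag_ssh_activation(command_lines):
    """Return (line_index, decoded_script) for encoded scripts that touch the SSH service."""
    return [(i, s) for i, line in enumerate(command_lines)
            for s in decode_payloads(line) if SSH_MARKERS.search(s)]

def _enc(script):
    # Helper for building the constructed samples below.
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed process command lines (not taken from the campaign).
SAMPLE = [
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -enc "
    + _enc("Set-Service -Name sshd -StartupType Automatic; Start-Service sshd"),
    "powershell.exe -NoProfile -EncodedCommand " + _enc("Get-ChildItem C:\\Users"),
    "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\tools\\inventory.ps1",
]

if __name__ == "__main__":
    for idx, script in flag_ssh_activation(SAMPLE):
        print(f"line {idx}: encoded PowerShell touches SSH service -> {script}")
```

Feed it the command-line field from Windows process-creation events (for example Security event 4688 with command-line auditing enabled, or Sysmon event 1).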
To protect against such threats, the Kaspersky researchers advised users to meticulously check URLs for authenticity before downloading any AI software; utilise comprehensive security solutions; and keep all software updated to mitigate vulnerabilities exploited by malware.
JN/APA