- McAfee researchers find a “cocktail” of malware hidden behind fake DeepSeek applications
- The campaign targets people searching for the generative AI tool
- Infostealers, cryptocurrency miners and more are being distributed this way
The hype around DeepSeek is the next big thing that cybercriminals are exploiting in their hacking campaigns, McAfee Labs researchers say.
The team outlined how it saw cybercriminals setting up several websites offering different versions of DeepSeek for download. Victims would reach these websites through search engines, which means the campaign also involved SEO poisoning.
When they reach the websites and download the software, victims are infected with a “malware cocktail”, ranging from keyloggers and password stealers to coin miners. These malware variants can steal confidential information (including bank credentials and cryptocurrency wallet information), and can force the infected computer to mine cryptocurrency, which makes it useless for almost anything else.
Fake CAPTCHA
While on some websites victims are invited to download a DeepSeek app or program, on others the devil is in the CAPTCHA.
In some cases observed by McAfee, victims would visit a website with a CAPTCHA that can be “solved” by copying a command and pasting it into the Windows Run dialog. This command simply downloads and executes a malware dropper.
To stay safe, you must remain alert at all times. Instead of “Googling” something, visit the website directly, and if you don’t know the address, scrutinize each link returned by the search engine.
In addition, a real CAPTCHA will never ask you to paste a command into the Run dialog.
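For defenders checking whether a user has already followed such a lure: text entered in the Windows Run dialog is recorded in the user's RunMRU registry key, so that history can be reviewed. The sketch below is an added example, not code from McAfee's report; the interpreter list, the lure wording and the sample values are assumptions.

```python
import re

# Run-dialog history is stored under the per-user registry key
#   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
# Values named a, b, c... hold the typed text followed by "\1", and the
# MRUList value gives their order, most recent first.

# Assumption: the article names no specific program, so this list covers common
# Windows tools that can fetch or run remote content from one line.
INTERPRETERS = re.compile(
    r"\b(powershell|pwsh|cmd|mshta|wscript|cscript|curl|certutil|bitsadmin)\b", re.I)
REMOTE = re.compile(r"https?://", re.I)
LURE = re.compile(r"captcha|not a robot|human", re.I)  # assumed lure wording

def runmru_entries(values):
    """Return Run-dialog entries, most recent first, without the '\\1' suffix."""
    entries = []
    for name in values.get("MRUList", ""):
        raw = values.get(name)
        if raw is None:
            continue  # MRUList may still list a value that was deleted
        entries.append(raw[:-2] if raw.endswith("\\1") else raw)
    return entries

def assess(command):
    """Return the reasons an entry looks pasted from a lure (empty if none)."""
    reasons = []
    if INTERPRETERS.search(command) and REMOTE.search(command):
        reasons.append("interpreter with remote URL")
    if LURE.search(command):
        reasons.append("CAPTCHA wording inside a command")
    if len(command) > 120:
        reasons.append("unusually long for typed input")
    return reasons

def audit(values):
    """Map each suspicious history entry to the reasons it was flagged."""
    return {cmd: why for cmd in runmru_entries(values) if (why := assess(cmd))}

# Constructed sample values; the command body is deliberately elided.
SAMPLE = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "powershell <fetch and run https://example.invalid/verify> # CAPTCHA check\\1",
}

if __name__ == "__main__":
    for cmd, why in audit(SAMPLE).items():
        print(f"{cmd!r}: {', '.join(why)}")
```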
Hackers are known for taking advantage of current trends to distribute malware. Similar campaigns were observed when ChatGPT first launched, for both Windows and Android.
Major events, such as Black Friday and Cyber Monday, the Olympic Games, the World Cup and others, have been abused in the past. The outbreak of COVID-19, the Russia-Ukraine war and the United States presidential elections all served as platforms for information theft, malware distribution and wire fraud.