DeepSeek Lure Used To Spread Malware
Feb. 26, 2025, 8:53 a.m.
Description
Cybercriminals are exploiting DeepSeek's popularity by creating fake look-alike domains to deliver the Vidar information stealer. The attack chain involves a deceptive website that prompts users to complete a fake partner registration, leading to a malicious CAPTCHA page. This page injects a PowerShell command into the user's clipboard, which when executed, downloads and launches the Vidar malware. Vidar targets cryptocurrency wallets, browser data, and sensitive files, using Telegram and Steam for C2 communication. The campaign highlights the rapid exploitation of AI technologies by threat actors and emphasizes the need for enhanced security measures and user education.
Tags
Date
- Created: Feb. 25, 2025, 7:40 p.m.
- Published: Feb. 25, 2025, 7:40 p.m.
- Modified: Feb. 26, 2025, 8:53 a.m.
Indicators
- deepseek.express
- 19198e75f7c830441360a42b06e10415f4368300a7590c119c237ea8c67bf23e
- 77.239.117.222
- http://book.rollingvideogames.com/temp/1.exe'
- book.rollingvideogames.com
- trydeepseek.com
- sailiabot.com
- sale-deepseek.com
- presales-deepseek.com
- deepseektrump.xyz
- deepseekt.org
- deepseeksol.com
- deepseeksky.com
- deepseekr1.club
- deepseekpumpfun.com
- deepseekpg.bet
- deepseekpepe.site
- deepseekpepe-eth.com
- deepseekonchain.com
- deepseekjulebu.shop
- deepseekfree.xyz
- deepseekclaim.live
- deepseekfart.xyz
- deepseekaigames.site
- deepseekaieth.com
- deepseekaiagent.live
- deepseekaiclaim.live
- deepseekai.global
- deepseekai.club
- deepseekai.today
- deepseek4youtube.com
- deepseekai-eth.fun
- deepseek2025.xyz
- deepseek.top
- deepseek.art
- deepseek-v3.xyz
- deepseek-pro.cloud
- deepseek-trump.xyz
- deepseek-adverting.icu
- deepseekcaptcha.top
Attack Patterns
- Vidar
- T1102.002
- T1552.001
- T1074.001
- T1059.001
- T1547.001
- T1056.001
- T1555
- T1071.001
- T1005
- T1036
- T1027
- T1041