Critical warning from experts: They are secretly entering computers with the appearance of 'DeepSeek'

Kaspersky Global Research and Analysis Team (GReAT) has uncovered a new malware campaign that infiltrates computers using the fake 'DeepSeek R1 Large Language Model' (LLM) implementation.
 
 
Redirecting to a Fake Site with Google Ads
 
Attackers use Google ads to lure users to fake sites that mimic the real DeepSeek platform. When users search for “deepseek r1,” the ad link is redirected to a decoy site.
 
Fake Apps and Trojans Are Used
 
The fake site targets Windows operating system users and offers the user to download offline tools such as Ollama or LM Studio. During the download process, the user is tricked using a CAPTCHA test and then the malware is installed on the computer.
 
Bypassing Windows Defender Protection
 
This software bypasses Windows Defender's protection with special algorithms and settles into the system. However, the installation requires the user to have administrative rights. This malware cannot infect the systems of users who do not have administrative rights.
 
User Data At Risk
 
Dubbed 'BrowserVenom', the malware redirects users' web browsers to a proxy server controlled by attackers, stealing users' sensitive browser data and continuously monitoring their activities.
 
Cyber ​​Security Advice from Experts
 
Kaspersky experts recommend users to take the following precautions:
 
    Checking the accuracy of website addresses,
 
    Downloading offline AI tools only from official sources,
 
    Using Windows in profiles without administrative privileges,
 
    Using reliable cybersecurity solutions.
 
While Kaspersky Security Researcher Lisandro Ubiedo pointed out the advantages of using AI applications offline, he noted that such malware can pose a serious threat if the right precautions are not taken.
 
 
 
Source: CUMHA - CUMHURS NEWS AGENCY