Today's Bulletin: March 29, 2025

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Filter by Categories
Africacom
AfricaCom 2024
AI
Apps
Apps
Banking
Broadcast
CABSAT
Cabsat
Cloud
Column
Content
Corona
DTT
eCommerce
Editorial
Education
Entertainment
Events
Fintech
Fixed
Gitex
Gitex Africa
GSMA Cape Town
Healthcare
IBC
Industry Voices
Infrastructure
IoT
MNVO Nation Africa
Mobile
Mobile Payments
Music
MWC Barcelona
MWC Barcelona 2025
MWC Kigali
News
Online
Opinion Piece
Q&A
Satellite
Security
Software
Startups
Streaming
Technology
TechTalks
TechTalkThursday
Telecoms
Utilities
Video Interview
Follow us

Cybercriminals Exploit DeepSeek AI Hype in Sophisticated Malware Scam

March 11, 2025
3 min read
Author: Akim Benamara

Kaspersky exposed a cyberattack using fake DeepSeek AI sites, bot networks, and geofencing to distribute malware, reaching 1.2 million users.

Security researchers at Kaspersky have revealed how cybercriminals used geofencing, compromised business accounts and coordinated bot networks to distribute malware disguised as DeepSeek AI software, generating over 1.2 million views on X.

Kaspersky’s Threat Research and AI Technology Research have jointly identified a sophisticated deception campaign exploiting the rapid growth and public interest surrounding DeepSeek AI — a popular generative AI chatbot — in order to distribute malware through fraudulent websites.

In their investigation, Kaspersky researchers revealed that cybercriminals established deceptive replicas of the official DeepSeek website, using domain names like “deepseek-pc-ai[.]com” and “deepseek-ai-soft[.]com.” A distinctive feature of this campaign was its use of geofencing technology, where malicious websites examine each visitor’s IP address and dynamically alter content presentation based on geographic location, enabling attackers to fine-tune their approach and reduce detection risks.

This campaign demonstrates notable sophistication beyond typical social engineering attacks. Attackers exploited the current hype around generative AI technology, skillfully combining targeted geofencing, compromised business accounts and orchestrated bot amplification to reach a substantial audience while carefully evading cybersecurity defenses.

– Vasily Kolesnikov, Senior Malware Analyst, Kaspersky Threat Research

According to Kaspersky’s analysis, the campaign’s primary distribution channel was the social media platform X. Attackers strategically compromised the social media account of a legitimate Australian company to widely disseminate fraudulent links. This single malicious post drew significant attention, reaching approximately 1.2 million impressions and generating hundreds of reposts. Researchers determined that these reposts largely originated from coordinated bot accounts — evident due to their similar naming conventions and profile characteristics — indicating a deliberate amplification of the malicious content.

Visitors lured to the fraudulent websites were directed to download a fabricated DeepSeek client application. Instead of the authentic software, these sites delivered malicious installers using the Inno Setup installation platform. Once executed, these compromised installers attempted to contact remote command-and-control servers to retrieve Base64-encoded PowerShell scripts. These scripts subsequently activated Windows’ built-in SSH service, reconfigured it with attacker-controlled keys and enabled full remote unauthorised access to compromised systems.

All malware payloads connected to this campaign are proactively identified and blocked by Kaspersky security products such as Trojan Downloader.Win32.TookPS.* variants.

To remain secure, Kaspersky advises people to do the following:

  • Check URLs meticulously. Fraudulent AI websites often use domain names that closely resemble legitimate services but contain subtle differences. Before downloading any AI software, verify that the website URL exactly matches the official domain with no additional words, hyphens or spelling variations.
  • Use comprehensive security protection. Deploy a robust security solution like Kaspersky Premium on all devices to detect and block malicious installers and websites before they can compromise your system.
  • Keep all software updated. Many security vulnerabilities exploited by malware can be addressed by installing the latest versions of your operating system and applications, particularly security software.
Follow us on LinkedIn

Newsletter signup

Sign up for our weekly newsletter and get the latest industry insights right in your inbox!

Please wait...

Thank you for sign up!