Kaspersky Uncovers Sophisticated Deception Campaign Using DeepSeek AI as Bait
Written by: APO Group - Africa Newsroom
This campaign demonstrates notable sophistication beyond typical social engineering attacks
JOHANNESBURG, South Africa, March 10, 2025/APO Group/ --
Security researchers at Kaspersky (www.Kaspersky.co.in/) have revealed how cybercriminals used geofencing, compromised business accounts and coordinated bot networks to distribute malware disguised as DeepSeek AI software, generating over 1.2 million views on X.
Kaspersky's Threat Research and AI Technology Research have jointly identified a sophisticated deception campaign exploiting the rapid growth and public interest surrounding DeepSeek AI — a popular generative AI chatbot — in order to distribute malware through fraudulent websites.
In their investigation, Kaspersky researchers revealed that cybercriminals established deceptive replicas of the official DeepSeek website, using domain names like "deepseek-pc-ai[.]com" and "deepseek-ai-soft[.]com." A distinctive feature of this campaign was its use of geofencing technology, where malicious websites examine each visitor's IP address and dynamically alter content presentation based on geographic location, enabling attackers to fine-tune their approach and reduce detection risks.
"This campaign demonstrates notable sophistication beyond typical social engineering attacks," explained Vasily Kolesnikov, senior malware analyst at Kaspersky Threat Research. "Attackers exploited the current hype around generative AI technology, skillfully combining targeted geofencing, compromised business accounts and orchestrated bot amplification to reach a substantial audience while carefully evading cybersecurity defenses."
According to Kaspersky's analysis, the campaign's primary distribution channel was the social media platform X. Attackers strategically compromised the social media account of a legitimate Australian company to widely disseminate fraudulent links. This single malicious post drew significant attention, reaching approximately 1.2 million impressions and generating hundreds of reposts. Researchers determined that these reposts largely originated from coordinated bot accounts — evident due to their similar naming conventions and profile characteristics — indicating a deliberate amplification of the malicious content.
Visitors lured to the fraudulent websites were directed to download a fabricated DeepSeek client application. Instead of the authentic software, these sites delivered malicious installers using the Inno Setup installation platform. Once executed, these compromised installers attempted to contact remote command-and-control servers to retrieve Base64-encoded PowerShell scripts. These scripts subsequently activated Windows' built-in SSH service, reconfigured it with attacker-controlled keys and enabled full remote unauthorised access to compromised systems.
All malware payloads connected to this campaign are proactively identified and blocked by Kaspersky security products under detection names such as Trojan-Downloader.Win32.TookPS.*.
To remain secure, Kaspersky advises people to do the following:
- Check URLs meticulously. Fraudulent AI websites often use domain names that closely resemble legitimate services but contain subtle differences. Before downloading any AI software, verify that the website URL exactly matches the official domain with no additional words, hyphens or spelling variations.
- Use comprehensive security protection. Deploy a robust security solution like Kaspersky Premium on all devices to detect and block malicious installers and websites before they can compromise your system.
- Keep all software updated. Many security vulnerabilities exploited by malware can be addressed by installing the latest versions of your operating system and applications, particularly security software.
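The URL check in the first recommendation can be automated when triaging links from proxy logs or reported messages. The Python below is an added example, not code from Kaspersky or the original release; it assumes `deepseek.com` is the official domain, and the function and category names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: the vendor's official registrable domain; confirm it independently.
OFFICIAL_DOMAINS = {"deepseek.com"}
BRAND = "deepseek"
# Digit-for-letter swaps often used in lookalike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def split_host(url):
    """Return (hostname, netloc) for a URL or bare host, refanging [.] and hxxp."""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in url:
        url = "https://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "", ""
    return host, parts.netloc.lower()


def classify(url):
    """Classify a link as official, lookalike, punycode-review, unrelated or invalid."""
    host, netloc = split_host(url)
    if not host:
        return "invalid"
    # Official only on an exact match or a true subdomain (dot boundary).
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Internationalised labels can hide homoglyphs; send them to manual review.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode-review"
    # Search the whole authority (userinfo included) with separators and
    # digit swaps removed, so extra words or hyphens do not hide the brand.
    squashed = netloc.replace("-", "").replace(".", "").translate(HOMOGLYPHS)
    return "lookalike" if BRAND in squashed else "unrelated"


if __name__ == "__main__":
    # Constructed samples, plus the two defanged domains quoted in the release.
    for sample in ["https://www.deepseek.com/", "deepseek-pc-ai[.]com",
                   "deepseek-ai-soft[.]com", "https://deepseek.com.files.example/",
                   "https://deepseek.com@files.example/", "https://example.org/"]:
        print(f"{classify(sample):16} {sample}")
```

A "lookalike" result means the brand name appears outside the official domain, which is the pattern the release describes: the real name with additional words or hyphens attached.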
Read more on Securelist.com and Kaspersky Daily blog (https://apo-opa.co/4iDjGFt).