216.73.217.139

Stealers and backdoors are spreading under the guise of a DeepSeek client

· Published 06/03/2025 12:31 · Modified 06/03/2025 15:41

Export JSON

Essential information

Published
06/03/2025 12:31
Modified
06/03/2025 15:41
Tags
2025-03-06 backdoor deepseek dll sideloading farfli powershell social engineering stealer typosquatting
Related entities
9 observables, 16 techniques (mitre), 1 malware, 1 others

Description

Cybercriminals are exploiting the popularity of , a powerful reasoning large language model, by creating fake websites that mimic the official chatbot site and distribute malicious code disguised as a client. Three main schemes were identified: a Python targeting user data and credentials, a malicious script spreading through social media posts, and backdoors targeting Chinese users. The attacks use various methods to lure victims, including and ad traffic. Users are advised to carefully check website addresses and be cautious of unverified links, especially for popular services. The malware distributed includes stealers, backdoors, and trojans, potentially leading to data theft and remote access to victims' computers.

External references