A new cybersecurity threat has emerged in which a fake AI assistant named DeepSeek-R1 is being used to distribute malware and steal user data. Discovered by researchers at Kaspersky, the malicious software impersonates DeepSeek, a legitimate Chinese large language model (LLM) and a known AI tool that operates offline.
The fraudulent campaign is primarily spread through fake websites and paid Google ads. When users click on the links, they are redirected to a website designed to resemble the official DeepSeek platform. The site performs a system check to determine the user’s operating system and then offers download options to install the supposed AI assistant.
Users are presented with two fake installation files, both of which install malware on the device. This malware is engineered to bypass Windows Defender using a specialized algorithm. Once installed, the malware manipulates the system’s web browsers to route traffic through a proxy controlled by cybercriminals, allowing them to spy on user activity and steal sensitive data.
Kaspersky warns that these types of attacks are becoming more common as cybercriminals exploit the growing popularity of AI tools, especially open-source and offline models, which appeal to privacy-conscious users. However, these offline capabilities also create opportunities for malicious actors to distribute keyloggers, information stealers (infostealers), and cryptocurrency miners (cryptominers) without detection.
To avoid falling victim to such threats, users are advised to carefully verify the source of downloads, ensuring URLs belong to the official developer or vendor. This precaution applies not only to AI tools but to any type of software.
Lisandro Ubiedo, a security expert from Kaspersky’s Global Research and Analysis Team (GReAT), emphasized that while running large language models offline can offer privacy benefits and reduce reliance on cloud services, it also introduces significant risks if users download software from unverified sources. He notes that malicious actors are increasingly distributing fake installers and software packages that compromise user data, often without the victim’s knowledge.
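The advice above to confirm that a download URL belongs to the official vendor comes down to a strict hostname comparison, which a look-alike site reached through an ad is built to defeat. The following is an added example, not code from the article or from Kaspersky; it assumes deepseek.com is the vendor's domain (confirm this independently), and the function name and sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the reader maintains this allowlist from a trusted source.
OFFICIAL_DOMAINS = {"deepseek.com"}

def download_verdict(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a download link, judged on its hostname only."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no hostname"
    # "https://vendor.com@other.example/" connects to other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    host = host.rstrip(".")
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False, "hostname is not valid IDNA"
    # Non-ASCII or punycode labels can render like the vendor's name.
    if ascii_host != host or any(
            label.startswith("xn--") for label in ascii_host.split(".")):
        return False, "internationalised hostname (possible homoglyph)"
    for domain in official:
        # Exact match or a true subdomain; never a prefix or substring match.
        if ascii_host == domain or ascii_host.endswith("." + domain):
            return True, "host is %s or a subdomain of it" % domain
    return False, "host %s is not an official domain" % ascii_host

if __name__ == "__main__":
    # Constructed sample links; .example hosts are reserved and not real sites.
    for sample in (
        "https://www.deepseek.com/download",
        "https://deepseek.com.ai-tools.example/setup.exe",
        "https://deepseek.com@files.example/setup.exe",
        "https://d\u0435epseek.com/setup.exe",  # Cyrillic 'e' in the name
    ):
        print(download_verdict(sample), sample)
```

A passing verdict only says the link points at the allowlisted domain; it does not vouch for the file itself, so the installer's signature or published checksum still needs checking.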