‘BrowserVenom’ Windows Malware Preys on Users Looking to Run DeepSeek AI

In recent developments within the realm of artificial intelligence, the ability to run AI chatbots locally on personal computers has garnered significant interest. However, this burgeoning fascination has also attracted the attention of cybercriminals. A newly identified strain of Windows malware is exploiting the excitement surrounding DeepSeek’s AI models, specifically targeting unsuspecting users.

Malware Exploits AI Enthusiasm

The malware, dubbed “BrowserVenom,” has been reported to secretly monitor and manipulate a user’s internet traffic, as detailed by cybersecurity firm Kaspersky. The attack vector involves deceptive Google ads that appear in search results for “deep seek r1,” which refers to DeepSeek’s latest AI models available online. Unfortunately, many newcomers to generative AI may not recognize the official domains that host the R1 model, making them vulnerable to these malicious schemes.

Upon clicking the misleading Google ads, users are redirected to a counterfeit DeepSeek domain, “https[:]//deepseek-platform[.]com.” This fraudulent site features a button prompting users to download the R1 model, leading them to inadvertently download a harmful file named “AILauncher1.21.exe.” Kaspersky’s analysis of the source code from both the phishing and distribution websites revealed comments in Russian, indicating that Russian-speaking threat actors are likely behind this operation.

Once the malicious executable is run, it presents a deceptive installation screen for R1. However, unbeknownst to the user, the program simultaneously deploys the BrowserVenom malware, reconfiguring the PC’s browsers to route traffic through a proxy server controlled by the hackers. This manipulation allows the attackers to intercept sensitive data and monitor the victim’s online activities while decrypting their traffic.
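One way a defender can check a Windows host for the kind of silent browser proxy reconfiguration described above (an added example, not code from the article or from Kaspersky's report): the WinINET registry value names, the Firefox preference names and the Chromium `--proxy-server` flag are real, while the sample inputs and the approved-proxy list are constructed assumptions.

```python
import re

# Assumption: the proxies your organization legitimately uses (host:port);
# anything else configured in a browser is reported.
APPROVED_PROXIES = {"proxy.corp.example:8080"}

# Constructed sample inputs standing in for what you would read from a host.
SAMPLE_INET = {"ProxyEnable": 1, "ProxyServer": "198.51.100.7:3128"}
SAMPLE_USER_JS = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "198.51.100.7");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.ssl", "198.51.100.7");
user_pref("network.proxy.ssl_port", 3128);
'''
SAMPLE_SHORTCUTS = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --proxy-server=198.51.100.7:3128',
]


def suspicious_proxies(inet_settings, firefox_user_js, shortcut_targets):
    """Report proxy settings that are not on the allow-list.

    inet_settings: values from HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
    firefox_user_js: text of a Firefox profile's user.js
    shortcut_targets: command lines of browser shortcuts (.lnk target plus arguments)
    """
    findings = []
    # 1. WinINET system proxy, honored by Edge, Chrome and most Windows apps.
    if inet_settings.get("ProxyEnable") == 1:
        for entry in inet_settings.get("ProxyServer", "").split(";"):
            hostport = entry.split("=", 1)[-1].strip()  # "host:port" or "http=host:port"
            if hostport and hostport not in APPROVED_PROXIES:
                findings.append(f"WinINET ProxyServer points to {hostport}")
    # 2. Firefox keeps its own settings; network.proxy.type 1 means "manual proxy".
    prefs = dict(re.findall(r'user_pref\("([^"]+)",\s*"?([^")]+)"?\);', firefox_user_js))
    if prefs.get("network.proxy.type") == "1":
        for key in ("network.proxy.http", "network.proxy.ssl"):
            host, port = prefs.get(key), prefs.get(key + "_port")
            if host and f"{host}:{port}" not in APPROVED_PROXIES:
                findings.append(f"Firefox {key} points to {host}:{port}")
    # 3. Chromium browsers accept a per-launch --proxy-server flag in the shortcut.
    for target in shortcut_targets:
        m = re.search(r"--proxy-server=(\S+)", target)
        if m and m.group(1).strip('"') not in APPROVED_PROXIES:
            findings.append(f"Shortcut carries --proxy-server={m.group(1)}")
    return findings


if __name__ == "__main__":
    for line in suspicious_proxies(SAMPLE_INET, SAMPLE_USER_JS, SAMPLE_SHORTCUTS):
        print("SUSPICIOUS:", line)
```

On a live host you would populate the three inputs from the registry, each Firefox profile directory and the browser shortcuts on the desktop and Start menu, then treat any finding as a trigger for further incident response.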

While the malicious domain associated with this attack has since been suspended, the BrowserVenom malware has proven capable of evading many antivirus solutions, resulting in infections across several countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. This incident serves as a crucial reminder for users to verify that they are accessing official domains or channels when downloading software from AI companies.

Furthermore, running open-source AI programs like R1 on a personal computer entails a series of steps, rather than simply executing a conveniently designed Windows installer. As the landscape of AI technology continues to evolve, so too does the necessity for vigilance against cyber threats.
