Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs. The previously unknown malware is delivered via a phishing site that pretends to be the official DeepSeek homepage, which is promoted via Google Ads. The goal of the attacks is to install BrowserVenom, a malware that configures web browsers on the victim’s device to channel web traffic through the attackers' servers, thus allowing them to collect user data, credentials, and other sensitive information. Multiple infections have been detected in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt.
DeepSeek-R1 is one of the most popular LLMs right now, and Kaspersky has previously reported attacks with malware mimicking it to attract victims. DeepSeek can also be run offline on PCs using tools like Ollama or LM Studio, and attackers used this in their campaign.
Users are directed to a phishing site mimicking the address of the original DeepSeek platform via Google Ads, with the link showing up in the ad when a user searched for “deepseek r1”. Once the user reaches the fake DeepSeek site, a check is performed to identify the victim’s operating system. If it is Windows, the user is presented with a button to download the tools for working with the LLM offline. Other operating systems were not targeted at the time of research.
After clicking on the button and passing the CAPTCHA test, a malicious installer file is downloaded, and the user is presented with options to download and install Ollama or LM Studio. If either option is chosen, along with legitimate Ollama or LM Studio installers, malware is installed in the system, bypassing Windows Defender's protection with a special algorithm. This procedure also requires administrator privileges for the user profile on Windows; if the user profile on Windows does not have these privileges, the infection does not take place.
After the malware is installed, it configures all web browsers in the system to forcefully use a proxy controlled by the attackers, enabling them to spy on sensitive browsing data and monitor the victim's browsing activity. Because of its enforcing nature and malicious intent, Kaspersky researchers have dubbed this malware BrowserVenom.
“While running large language models offline offers privacy benefits and reduces reliance on cloud services, it can also come with substantial risks if proper precautions are not taken. Cybercriminals are increasingly exploiting the popularity of open-source AI tools by distributing malicious packages and fake installers that can covertly install keyloggers, cryptominers, or infostealers. These fake tools compromise a user’s sensitive data and pose a threat, particularly when users have downloaded them from unverified sources,” comments Lisandro Ubiedo, Security Researcher with Kaspersky’s Global Research & Analysis Team.
To avoid such threats, Kaspersky recommends:
• Check the addresses of the websites to verify that they are genuine and to avoid a scam.
• Download offline LLM tools only from official sources (e.g., ollama.com, lmstudio.ai).
• Avoid using Windows on a profile with admin privileges.
• Use trusted cybersecurity solutions to prevent malicious files from launching.
For more information contact Kaspersky SA,
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version