TZUTC: -0500   
   MSGID: 427.consprcy@1:2320/105 2c357670   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Criminals are spreading malware disguised as DeepSeek AI   
      
   Date:   
   Tue, 11 Mar 2025 11:05:14 +0000   
      
   Description:   
   Huge advertising campaign on X is promoting malware posing as DeepSeek.   
      
   FULL STORY   
   ======================================================================   
    - Fake DeepSeek websites are popping up and distributing malware   
    - The sites are followed by a huge promotion campaign on X   
    - The campaign generated more than a million views, experts warn   
      
   Cybercriminals are taking advantage of the hype surrounding AI hot-shot   
   Deepseek to trick people into downloading malware , while evading scrutiny   
   from security analysts, experts have warned.    
      
   Researchers at Kaspersky recently observed a sophisticated campaign    
   consisting of compromised X accounts, coordinated bot activity, and   
   geofencing.    
      
   The researchers said the cybercriminals created multiple websites to mimic    
   the original Deepseek page. They set the pages up in such a way that they   
   analyzed every visitors IP address, and altered the content dynamically,    
   based on the location of the visitor. That way, they were able to display   
   malicious content to some people, and benign content to others.    
      
   The targets were shown fake Deepseek software which granted the attackers    
   full remote unauthorized access to their computers.    
      
   The hackers also got to advertising - stealing an X account belonging to a   
   legitimate Australian company, and posted content that promoted the fake   
   websites. They used a network of X bots to comment and share the content,   
   generating more than a million views on the microblogging platform.   
      
   "Notable sophistication"   
      
   "This campaign demonstrates notable sophistication beyond typical social   
   engineering attacks," explained Vasily Kolesnikov, senior malware analyst at   
   Kaspersky Threat Research.    
      
   "Attackers exploited the current hype around generative AI technology,   
   skillfully combining targeted geofencing, compromised business accounts and   
   orchestrated bot amplification to reach a substantial audience while    
   carefully evading cybersecurity defenses."    
      
   This is yet another proof that internet buzz does not translate to    
   legitimacy. Cybercriminals are getting better at faking engagement, inflating   
   download numbers, and writing fraudulent positive reviews.    
      
   To remain safe on the internet, one must be vigilant at all times. Do not   
   trust - verify, should be the mantra, as scam campaigns get more    
   sophisticated and more difficult to spot.    
      
   Software should always be downloaded from legitimate sources, whose URLs need   
   to be checked meticulously. Finally, one should have a security program set   
   up, and should keep their software up to date at all times.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/criminals-are-spreading-malware-disguis   
   ed-as-deepseek-ai   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426