JAKARTA - Kaspersky researchers have discovered a dangerous new campaign that distributes Trojans through a fake DeepSeek-R1 Large Language Model (LLM) application for PCs.
Cybercriminals are increasingly exploiting the popularity of open-source AI tools by distributing malicious packages and fake installers that can secretly install keyloggers, cryptominers, or infostealers, said Lisandro Ubiedo, Security Researcher at Kaspersky's GReAT.
The malware is delivered via phishing sites that pose as the official DeepSeek homepage and are promoted through Google Ads.
Once the user reaches a fake DeepSeek site, a check is carried out to identify the victim's operating system. After the user clicks the button and passes the CAPTCHA test, the malicious installer file is downloaded and the user is given the option to download and install Ollama or LM Studio.
The purpose of this attack is to install BrowserVenom, malware that channels web traffic through the attackers' servers, thus enabling user data collection.
Several infections have been detected in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. Due to its coercive nature and malicious intent, Kaspersky researchers have dubbed this malware BrowserVenom.
"Although running large language models offline offers privacy benefits and reduces dependence on cloud services, it could also pose a great risk if proper precautions are not taken," added Lisandro.
To avoid such threats, Kaspersky recommends: