Malware attack disguises itself as DeepSeek installer

Graham Cluley
Graham Cluley @

 @grahamcluley.com
 / grahamcluley

Malware attack disguises itself as DeepSeek installer

Cybercriminals are exploiting the growing interest in open source AI models by disguising malware as a legitimate installer for DeepSeek.

Victims are unwittingly downloading the “BrowserVenom” malware designed to steal stored credentials, session cookies, etc and gain access to cryptocurrency wallets.

How are the bad guys spreading the malware? By buying Google ads… sigh… which point to a fake DeepSeek download page.

Sign up to our free newsletter.
Security news, advice, and tips.

Google says it has suspended the advertiser’s account. No doubt the cybercriminals won’t… oh, i don’t know… just create another account and try again, perhaps?

I think it would be better if the whole world ignored all Google ads, or.. hey.. perhaps ditched Google altogether.

Find more discussion of this issue in the comments on my LinkedIn post.

Graham Cluley
Graham Cluley

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on LinkedIn, Bluesky and Mastodon, or drop him an email.

You may also like...

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.