Kaspersky’s Threat Research and AI Technology Research recently uncovered a highly sophisticated cyber deception campaign that exploited the growing popularity of DeepSeek AI, a generative AI chatbot, to distribute malware through fraudulent websites.
Through advanced tactics such as geofencing, compromised business accounts, and coordinated bot networks, cybercriminals targeted millions of users.
The attackers created replicas of the official DeepSeek website, using domain names that mimicked the legitimate platform. These malicious sites employed geofencing technology to dynamically alter content based on the visitor’s geographic location, allowing the attackers to tailor their approach and evade detection.
With millions of users online, the attackers then used the social media platform X (formerly Twitter) to spread the fraudulent links through a compromised account belonging to a legitimate Australian company.
They went further, using coordinated bot accounts to boost their posts and lure in more users. For instance, one of their posts garnered over one million impressions and hundreds of reposts.
Once users were lured to the fraudulent websites, they were prompted to download a fake DeepSeek client application. Instead of the promised software, the sites delivered malicious installers that, when executed, granted attackers unauthorized remote access to the victim’s system.
Using Base64-encoded PowerShell scripts that reconfigure the Windows SSH service with attacker-controlled keys, the attackers were able to access a user’s personal data.
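For defenders, the behaviour described above can be hunted for in process-creation logs. The following is an added example, not code from Kaspersky or from the campaign: it decodes PowerShell encoded-command arguments and flags scripts that touch the Windows SSH service. The marker strings are assumptions based on standard OpenSSH for Windows names, and the sample command lines are constructed.

```python
import base64
import re

# Assumed markers: standard OpenSSH-for-Windows service and file names, not campaign IoCs.
SSH_MARKERS = ("sshd", "authorized_keys", "sshd_config")

# Any "-e..." or "/e..." switch followed by a Base64-looking argument.
FLAG = re.compile(r"(?i)(?<=\s)[-/](e[a-z]*)\s+([A-Za-z0-9+/]{8,}={0,2})")

def decode_encoded_command(cmdline):
    """Return the script hidden in -EncodedCommand (or a prefix of it), else None."""
    for flag, blob in FLAG.findall(cmdline):
        flag = flag.lower()
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue  # e.g. -ExecutionPolicy
        try:  # PowerShell expects Base64 over UTF-16LE text
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except ValueError:  # bad Base64 or bad UTF-16
            continue
    return None

def flag_ssh_reconfiguration(cmdlines):
    """Return (index, decoded_script, matched_markers) for each suspicious line."""
    hits = []
    for i, line in enumerate(cmdlines):
        script = decode_encoded_command(line)
        if script is None:
            continue
        found = [m for m in SSH_MARKERS if m in script.lower()]
        if found:
            hits.append((i, script, found))
    return hits

def _encode(script):  # helper used only to build the constructed samples
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed process command lines (not taken from the campaign).
SAMPLE_CMDLINES = [
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\Tools\\backup.ps1",
    "powershell.exe -NoP -W Hidden -enc " + _encode(
        "Set-Service -Name sshd -StartupType Automatic; "
        "Add-Content C:\\ProgramData\\ssh\\administrators_authorized_keys 'PLACEHOLDER-KEY'"),
    "powershell.exe -EncodedCommand " + _encode("Get-Date"),
]

if __name__ == "__main__":
    for index, script, markers in flag_ssh_reconfiguration(SAMPLE_CMDLINES):
        print(index, markers, script)
```

A hit is a lead for review rather than a verdict, since administrators also configure sshd with PowerShell.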
Users who lacked up-to-date cybersecurity protection fell victim to these tactics, showcasing the evolving nature of cyber threats and the need for heightened vigilance. With a majority of Kenyans, especially in urban areas, highly active on social media platforms, this campaign continues to pose a significant risk.
There is a need to invest in cybersecurity, not only by individuals but by businesses as well. With many now integrating digital tools in their daily operations, trusted security software is a must to stay ahead of evolving cybercriminals.
Governments, private sector players, and individuals must also collaborate to narrow the gap created by the lack of robust cybersecurity infrastructure and the limited awareness that further exacerbate the risk.