- 3,002
- 280
- 1,730
Researchers warn that hundreds of fake websites posing as DeepSeek have appeared online. Attackers use such resources for phishing attacks, stealing credentials, cryptocurrency, and more.
Independent information security researcher Dominic Alvieri, who monitors the emergence of such sites, has already counted more than 50 active fraudulent resources and more than 1,000 domains that have already been registered but have not yet been used for attacks.
[td]Some of the fakes Alvieri spotted[/td]According to the expert, some fake versions of DeepSeek are hosted on domains such as deepseek-login[.]com, and their goal is to trick users into entering their credentials. Other fakes are aimed at stealing cryptocurrency wallet data, while others advertise a cryptocurrency scam.
However, in some cases, it is not difficult to recognize the fake. As an example, the researcher cited a site whose authors could not even spell the word “Platform” correctly, and they came up with “Plateform”. However, other sites (especially phishing resources designed to steal credentials) are much better designed, and they are already harder to distinguish from the original. In addition, the quality of malicious sites continues to gradually improve. According to Alvieri, he and other information security specialists were able to shut down some of the fraudulent resources, but soon dozens of new ones took their place. Analysts from ESET and Cyble are also monitoring the DeepSeek-related fraud wave. For example, Cyble experts have found websites that trick visitors into connecting their cryptocurrency wallets, allowing attackers to steal victims' funds. During such attacks, users are forced to scan QR codes. In addition, experts have noticed fake DeepSeek websites advertising an investment scam. Some of these resources claim to offer DeepSeek shares even before the company's IPO. They have also found websites for collecting users' personal information (name and email address) and websites offering to download DeepSeek applications, which may contain malware. It should be noted that a recent DeepSeek-related fraudulent campaign was even discovered in the PyPI repository. As experts note, attackers are currently actively using the window of opportunity to deceive users while messages about fakes and fraud have not yet had time to spread widely. @ xakep.ru
Independent information security researcher Dominic Alvieri, who monitors the emergence of such sites, has already counted more than 50 active fraudulent resources and more than 1,000 domains that have already been registered but have not yet been used for attacks.
However, in some cases, it is not difficult to recognize the fake. As an example, the researcher cited a site whose authors could not even spell the word “Platform” correctly, and they came up with “Plateform”. However, other sites (especially phishing resources designed to steal credentials) are much better designed, and they are already harder to distinguish from the original. In addition, the quality of malicious sites continues to gradually improve. According to Alvieri, he and other information security specialists were able to shut down some of the fraudulent resources, but soon dozens of new ones took their place. Analysts from ESET and Cyble are also monitoring the DeepSeek-related fraud wave. For example, Cyble experts have found websites that trick visitors into connecting their cryptocurrency wallets, allowing attackers to steal victims' funds. During such attacks, users are forced to scan QR codes. In addition, experts have noticed fake DeepSeek websites advertising an investment scam. Some of these resources claim to offer DeepSeek shares even before the company's IPO. They have also found websites for collecting users' personal information (name and email address) and websites offering to download DeepSeek applications, which may contain malware. It should be noted that a recent DeepSeek-related fraudulent campaign was even discovered in the PyPI repository. As experts note, attackers are currently actively using the window of opportunity to deceive users while messages about fakes and fraud have not yet had time to spread widely. @ xakep.ru