Fake AI Assistant DeepSneak Steals User Data

ShiftDelete.net
FOLLOW US

DeepSneak Steals User Data Through Scam

Cybercriminals exploit offline LLM tools to install spyware in Windows systems worldwide

DeepSneak

A dangerous new cyber threat has emerged, targeting unsuspecting users who search for the DeepSeek-R1 large language model (LLM). Cybersecurity researchers at Kaspersky Global Research and Analysis Team have uncovered a malware campaign that disguises itself as a legitimate AI assistant download, only to steal sensitive user data using a malicious tool named BrowserVenom.

A Sophisticated Trap

The malware is spread through a phishing website that mimics the official DeepSeek homepage and is promoted via Google Ads. When users search for “DeepSeek R1,” a malicious ad redirects them to the fake site. If the victim is using a Windows operating system, they are offered to download tools like Ollama or LM Studio, which are normally used to run LLMs offline.

But here’s the twist: the downloaded installer includes both legitimate software and a stealth Trojan, which bypasses Windows Defender protections using a special algorithm. The infection only succeeds if the user has administrator privileges on their Windows profile.

Once Inside: Total Browser Hijack

After installation, all browsers on the device are reconfigured to use a forced proxy controlled by the attackers. This allows them to intercept browsing data, including credentials, cookies, and online activity. Kaspersky dubbed the malware BrowserVenom due to its aggressive takeover of internet traffic.

Global Impact

Infections have already been confirmed in several countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. The scale and reach of this campaign indicate that attackers are specifically targeting regions with growing interest in local LLM use.

Lisandro Ubiedo, security researcher at Kaspersky, stated:

“While running LLMs offline offers privacy benefits, it also opens the door to serious risks if precautions are not taken. Attackers are capitalizing on the popularity of open-source AI tools to distribute fake packages that embed spyware, keyloggers, or crypto miners.”

FBI Issues Urgent Warning: BADBOX 2 Botnet Hijacks Millions of Smart Devices!

FBI Issues Urgent Warning: BADBOX 2 Botnet Hijacks Millions of Smart Devices!

The newly uncovered BADBOX 2 botnet infects Internet-of-Things (IoT) devices—especially low-cost gadgets produced by unverified Chinese manufacturers

How to Stay Safe

Kaspersky recommends the following actions to avoid falling victim:

  • Always check website URLs carefully before downloading AI tools.
  • Download offline LLM software only from official sites (e.g., ollama.com, lmstudio.ai).
  • Avoid using admin accounts on Windows for daily tasks.
  • Install a trusted cybersecurity solution to detect and block malicious files.
AI malware
BrowserVenom
deepseek
kaspersky
Tags: cyberattack

SDN Comments 0 Comments

Comment

Related News

DDR4 RAM prices have peaked: A crisis is looming!
DDR4 RAM prices have peaked: A crisis is looming!
Audi unveils its new sports car
Audi unveils its new sports car
Interesting development regarding the Nvidia RTX 5060
Interesting development regarding the Nvidia RTX 5060
The series “Organize İşler” is taking shape
The series “Organize İşler” is taking shape

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio