3 Sources
[1]
'BrowserVenom' Windows Malware Preys on Users Looking to Run DeepSeek AI
It's possible to run some of today's AI chatbots locally on your PC. Just be careful: A newly discovered strain of Windows malware is exploiting interest in DeepSeek's AI models to infect victim computers. The attack delivers the "BrowserVenom" malware, which can secretly spy on and manipulate a user's internet traffic, according to the antivirus provider Kaspersky.

Hackers spread the attack through Google ads that appeared on search results for "deep seek r1," DeepSeek's latest AI models, which are available online. The problem is that newbies to generative AI may not be aware of the official domains hosting the R1 model.

Clicking on the Google ads redirected users to a fake DeepSeek domain at "https[:]//deepseek-platform[.]com," which presented a button to download the R1 model. The goal was to dupe the user into downloading a malicious file called "AI_Launcher_1.21.exe."

"We examined the source code of both the phishing and distribution websites and discovered comments in Russian related to the websites' functionality, which suggests that they are developed by Russian-speaking threat actors," Kaspersky says.

Running the malicious .exe file presented a fake screen to install R1. But in the background, the program delivered the BrowserVenom malware, which reconfigured a PC's browsers to route traffic through a proxy server controlled by the hackers. "This enables them to sniff sensitive data and monitor the victim's browsing activity while decrypting their traffic," Kaspersky says.

The good news is that the malicious domain behind the attack has been suspended. However, the malware, which can evade most antivirus software, did hit some users. Kaspersky has "detected multiple infections in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt."

The report is a reminder to make sure you're visiting an official domain or channel for an AI company before downloading anything. Running open-source AI programs, such as R1, on a PC also requires multiple steps; it's not just a single conveniently designed Windows executable.
[2]
That DeepSeek installer you just clicked? It's malware
Suspected cybercriminals have created a fake installer for Chinese AI model DeepSeek-R1 and loaded it with previously unknown malware called "BrowserVenom". The malware's name reflects its ability to redirect all traffic from browsers through an attacker-controlled server. This enables the crooks to steal data, monitor browsing activity, and potentially expose plaintext traffic. Credentials for websites, session cookies, financial account info, plus sensitive emails and documents are therefore all at risk - just the sort of info scammers seek so they can commit digital fraud and/or sell to other miscreants.

To date, the malware has infected "multiple" computers across Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. Kaspersky, which spotted a phishing campaign that spreads the malware by sending victims to a fake website that resembles the real DeepSeek homepage, said it continues to "pose a global threat."

While the malware used in this campaign is new, the tactic of using interest in AI to spread nasty payloads is increasingly common. Such campaigns use phishing sites whose domain names differ slightly from those operated by real AI vendors, and criminals use malicious ads and other tactics, so they appear prominently in search engine results. But instead of delivering the promised chatbot or AI tool, they infect unwitting victims with everything from credential- and wallet-stealing malware to ransomware and Windows-borking code.

This campaign used the URL https[:]//deepseek-platform[.]com. The crims promoted that address to many potential victims by buying ads from Google, so it appeared as the top result when users searched for "deepseek r1". Google says it has booted the attack ads. "Prior to the publication of this report, we detected this malware campaign and suspended the advertiser's account," a Google spokesperson told The Register.

Once Windows users reach the site, it prompts them to click a button marked "Try now." Kaspersky observed that users on other platforms are shown similarly misleading buttons with different wording. Clicking the button takes the user to a CAPTCHA screen, which gives the site a veneer of legitimacy. The page also contains hidden JavaScript, which checks to make sure the user is not a bot so crooks know they've found a human worth targeting.

After solving the CAPTCHA, the victim is redirected to a download page featuring a "Download now" button. Clicking that downloads the malicious installer, AI_Launcher_1.21.exe, from this domain: https://r1deepseek-ai[.]com/gg/cc/AI_Launcher_1.21.exe.

According to Kaspersky, the crooks' site code includes comments in Russian, suggesting they speak the language. The security shop has not, however, attributed this campaign to a specific cybercrime group or individual.

The installer, when executed, opens another window that mimics a Cloudflare CAPTCHA (also fake) that once again verifies the victim is a human. The malware next directs the user to a screen that offers users the option of downloading and installing either Ollama or LM Studio on which to run DeepSeek. It doesn't matter which one they click: either triggers the BrowserVenom infection.

When executed, the malware first checks if the user has admin privileges. If not, the malware stops. For those deemed worthy of infection, BrowserVenom installs an attacker-created hardcoded certificate, thus giving the criminals persistent access and allowing them to intercept traffic. BrowserVenom also adds a hardcoded proxy server address to all currently installed and running browsers, which also allows its operators to monitor victims' traffic.
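The two persistence traits described above, a browser proxy pointing at an attacker's server and an attacker-supplied root certificate, are both things a defender can audit for on a Windows host. The PowerShell script below is an added example written for this page; it is not part of Kaspersky's report or of either article and does not detect BrowserVenom specifically. The registry keys, Firefox profile path, shortcut folders, approved-proxy list and "recent certificate" window are assumptions about where such settings commonly live and what counts as suspicious on a managed host; the reports do not say which of these locations the malware actually modifies.

```powershell
# Added audit example (not from Kaspersky or the quoted articles): list browser proxy
# settings that do not point at an approved host, and trusted root certificates that
# look out of place. Run from an elevated PowerShell so the machine stores are readable.

param(
    # Assumption: proxies anywhere other than these hosts deserve a look.
    [string[]] $ApprovedProxyHosts = @('proxy.corp.example'),
    # Assumption: a trusted root issued this recently deserves a look.
    [int] $RecentRootDays = 90
)

function Get-ProxyFindings {
    $findings = @()

    # 1. WinINET settings, which Edge and Chrome follow unless a policy or flag overrides them.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer) {
        $findings += [pscustomobject]@{ Source = 'WinINET ProxyServer'; Value = $inet.ProxyServer }
    }
    if ($inet.AutoConfigURL) {
        $findings += [pscustomobject]@{ Source = 'WinINET AutoConfigURL'; Value = $inet.AutoConfigURL }
    }

    # 2. Chromium policy keys; ProxyServer and ProxyPacUrl are the documented Chrome/Edge policy names.
    foreach ($key in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKLM:\SOFTWARE\Policies\Microsoft\Edge') {
        $pol = Get-ItemProperty $key -ErrorAction SilentlyContinue
        foreach ($name in 'ProxyServer', 'ProxyPacUrl') {
            if ($pol.$name) {
                $findings += [pscustomobject]@{ Source = "$key\$name"; Value = $pol.$name }
            }
        }
    }

    # 3. Firefox keeps its own proxy settings in prefs.js and ignores WinINET when configured manually.
    Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            Select-String -Path $prefs -Pattern 'user_pref\("network\.proxy\.(http|ssl|socks|autoconfig_url)",\s*"([^"]+)"' |
                ForEach-Object {
                    $findings += [pscustomobject]@{ Source = "Firefox $prefs"; Value = $_.Matches[0].Groups[2].Value }
                }
        }
    }

    # 4. A --proxy-server argument on a browser shortcut overrides every setting above.
    $shell = New-Object -ComObject WScript.Shell
    $shortcutDirs = @("$env:USERPROFILE\Desktop",
                      "$env:APPDATA\Microsoft\Windows\Start Menu",
                      "$env:ProgramData\Microsoft\Windows\Start Menu")
    Get-ChildItem $shortcutDirs -Recurse -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $lnkArgs = $shell.CreateShortcut($_.FullName).Arguments
        if ($lnkArgs -match '--proxy-server=(\S+)') {
            $findings += [pscustomobject]@{ Source = "Shortcut $($_.FullName)"; Value = $Matches[1] }
        }
    }

    # Keep only proxies that do not point at an approved host.
    $findings | Where-Object {
        $v = $_.Value
        -not ($ApprovedProxyHosts | Where-Object { $v -like "*$_*" })
    }
}

function Get-RootCertFindings {
    $cutoff = (Get-Date).AddDays(-$RecentRootDays)
    $machine = @(Get-ChildItem Cert:\LocalMachine\Root -ErrorAction SilentlyContinue)
    $machineThumbs = @($machine | ForEach-Object Thumbprint)

    foreach ($c in $machine) {
        if ($c.NotBefore -gt $cutoff) {
            [pscustomobject]@{ Store = 'LocalMachine\Root'; Subject = $c.Subject; Thumbprint = $c.Thumbprint
                               NotBefore = $c.NotBefore; Reason = 'issued within the recent window' }
        }
    }
    # The user view of Root normally mirrors the machine store; a root present only for
    # the current user was added without touching the machine store and is worth a look.
    foreach ($c in @(Get-ChildItem Cert:\CurrentUser\Root -ErrorAction SilentlyContinue)) {
        if ($machineThumbs -notcontains $c.Thumbprint) {
            [pscustomobject]@{ Store = 'CurrentUser\Root'; Subject = $c.Subject; Thumbprint = $c.Thumbprint
                               NotBefore = $c.NotBefore; Reason = 'present only in the user store' }
        }
    }
}

$proxyFindings = @(Get-ProxyFindings)
$certFindings  = @(Get-RootCertFindings)
if (-not $proxyFindings -and -not $certFindings) { 'No unexpected proxy or root certificate found.' }
$proxyFindings | Format-Table -AutoSize
$certFindings  | Format-Table Store, Subject, NotBefore, Reason -AutoSize
```

Anything the script lists is a lead, not a verdict: a legitimate corporate proxy or a newly rolled-out enterprise CA will show up too, which is why the approved-host list and the recency window are parameters. The useful follow-up on a hit is to compare the thumbprint against the organisation's known roots and to check whether the proxy host resolves to infrastructure the organisation owns.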
[3]
Watch out - that DeepSeek installer could be damaging malware
The malware relays sensitive data to attacker-controlled servers

Cybersecurity researchers from Kaspersky have spotted a new malware distribution campaign abusing DeepSeek as a lure. In a report, the experts say unidentified hackers created a spoofed version of the DeepSeek-R1 website, on which they hosted Ollama or LM Studio, tools which enable users to run large language models (LLMs) locally on the computer, without needing an internet connection.

However, the tools were bundled with a piece of malware called BrowserVenom, which configures web browsers to channel all traffic through the attackers' server. As a result, any sensitive data, such as credentials, move through malicious servers first, where they can easily be picked up.

The site was being advertised through Google Ads, and when victims clicked on the download button, the site first checks which operating system they are using, and if they're on Windows - serves the malware. Other OS users were not targeted - but Windows users had to pass a CAPTCHA, after which they get served the malware.

Kaspersky says that BrowserVenom bypasses Windows Defender's protection "with a special algorithm", but did not elaborate further. It did stress that the infection process requires admin privileges for the Windows user profile, and otherwise won't even run.

Most victims were located in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt, Kaspersky added, but did not say how many people were affected.

"While running large language models offline offers privacy benefits and reduces reliance on cloud services, it can also come with substantial risks if proper precautions aren't taken," commented Kaspersky's Security Researcher, Lisandro Ubiedo. "Cybercriminals are increasingly exploiting the popularity of open-source AI tools by distributing malicious packages and fake installers that can covertly install keyloggers, cryptominers, or infostealers. These fake tools compromise a user's sensitive data and pose a threat, particularly when users have downloaded them from unverified sources."
A new malware campaign dubbed 'BrowserVenom' is exploiting interest in DeepSeek's AI models to infect Windows computers, potentially compromising user data and browsing activity.

A new malware campaign dubbed 'BrowserVenom' is targeting Windows users interested in running DeepSeek's AI models locally. Cybersecurity researchers at Kaspersky have uncovered this sophisticated attack that exploits the growing enthusiasm for AI technologies [1].

Source: PC Magazine

The attackers are using Google Ads to promote fake websites that mimic the official DeepSeek platform. When users search for "deep seek r1" or related terms, these malicious ads appear at the top of search results, leading unsuspecting victims to a fraudulent domain: http[:]//deepseek-platform[.]com [2].

Upon visiting the fake website, users are prompted to download what appears to be the DeepSeek R1 model installer. The malicious file, named "AI_Launcher_1.21.exe," presents a convincing installation screen. However, it secretly installs the BrowserVenom malware, which reconfigures the victim's web browsers to route all traffic through a proxy server controlled by the attackers [1].

BrowserVenom is designed to: [3]

Kaspersky has detected multiple infections across various countries, including Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. While the exact number of affected users remains undisclosed, the threat is considered global [2].

Analysis of the phishing websites' source code revealed comments in Russian, suggesting that Russian-speaking threat actors may be behind this campaign. However, no specific cybercrime group has been attributed to the attack [1].

To protect against such attacks, users are advised to: [3]

Source: TechRadar

Google has reportedly suspended the advertiser's account responsible for promoting the malicious ads. However, the incident highlights the ongoing challenge of securing online advertising platforms against sophisticated cyber threats [2].

Summarized by Navi