Malware and Backdoors Disguised as DeepSeek Client Are on the Rise

Introduction
One of the major developments in the artificial intelligence (AI) field early in 2025 was the launch of DeepSeek-R1, a reasoning large language model (LLM) with open weights. Available for both local operation and free online use, DeepSeek quickly gained popularity, similar to the earlier success of ChatGPT. However, with this rise in popularity, cybercriminals also began to exploit it.
Recent analysis of our internal threat intelligence data has revealed numerous websites mimicking the official DeepSeek chatbot to distribute harmful code pretending to be legitimate client software for DeepSeek.
Scheme 1: Python Stealer and Non-existent DeepSeek Client
The first set of fraudulent websites was found on domains containing variations of the DeepSeek model names (such as V3 and R1):
- r1-deepseek.net;
- v3-deepseek.com.
Screenshots of these fake websites show no chat option at all, only a download button. That in itself is a red flag, because DeepSeek has no official Windows client.
When downloading the application masquerading as the DeepSeek client, users receive a file named deep-seek-installation.zip. Inside this archive is a shortcut file (.lnk) that directs users to a URL.
Fake Page Modifications
As of March 2025, attackers had altered the fake page on v3-deepseek.com to prompt users to download a client for another AI model, Grok, developed by xAI. Users encountered similar scams on domains like v3-grok.com. The archive labeled grok-ai-installation.zip also included a malicious shortcut. Executing this file would trigger a script that connects to a malicious URL, eventually downloading further harmful files.
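Both schemes above deliver a zip archive whose only payload is a Windows shortcut (.lnk) that opens a URL. The following is an added example, not code from Kaspersky or from the report, showing how a defender can triage such downloads before they are opened: it walks a zip in memory, flags members that are shortcuts either by extension or by the Shell Link header (HeaderSize 0x4C followed by the LinkCLSID {00021401-0000-0000-C000-000000000046}), and reports when an "installer" archive contains nothing but shortcuts. The archives and shortcut bytes it scans are constructed samples; the archive names deep-seek-installation.zip and grok-ai-installation.zip from the report are used only as labels.

```python
import io
import zipfile

# Shell Link (.lnk) header: HeaderSize = 0x0000004C (little-endian) followed by
# LinkCLSID {00021401-0000-0000-C000-000000000046} in on-disk GUID byte order.
LNK_MAGIC = (b"\x4c\x00\x00\x00"
             b"\x01\x14\x02\x00\x00\x00\x00\x00"
             b"\xc0\x00\x00\x00\x00\x00\x00\x46")


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with a Windows Shell Link header."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def inspect_archive(archive_bytes: bytes) -> dict:
    """Return the member list, the members that are shortcuts (by extension or
    by header), and whether the archive consists of nothing but shortcuts,
    which is the pattern of the fake DeepSeek/Grok 'installers'."""
    members, shortcuts = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            members.append(info.filename)
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            # Extension check alone is not enough: a renamed shortcut still
            # carries the header, so check both.
            if info.filename.lower().endswith(".lnk") or is_lnk(head):
                shortcuts.append(info.filename)
    return {
        "members": members,
        "shortcut_members": shortcuts,
        "only_shortcuts": bool(members) and len(shortcuts) == len(members),
    }


def build_zip(entries: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples (assumptions, not the real archives from the report):
# a fake installer whose only member is a shortcut, an archive where the
# shortcut was renamed to look like a document, and a benign archive.
FAKE_LNK_BODY = LNK_MAGIC + b"\x00" * 60
SAMPLES = {
    "deep-seek-installation.zip": build_zip({"DeepSeek.lnk": FAKE_LNK_BODY}),
    "grok-ai-installation.zip": build_zip({"Grok-Setup.pdf": FAKE_LNK_BODY,
                                           "README.txt": b"open the pdf"}),
    "benign-model-pack.zip": build_zip({"README.txt": b"hello",
                                        "model.bin": b"\x00" * 16}),
}


def triage(samples: dict = SAMPLES) -> dict:
    """Map archive name -> verdict string for a batch of downloads."""
    verdicts = {}
    for name, data in samples.items():
        r = inspect_archive(data)
        if r["only_shortcuts"]:
            verdicts[name] = "BLOCK: archive contains only shortcut files"
        elif r["shortcut_members"]:
            verdicts[name] = "REVIEW: shortcut found in " + ", ".join(r["shortcut_members"])
        else:
            verdicts[name] = "no shortcut members"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name}: {verdict}")
```

The header check matters because a shortcut renamed to .pdf or .txt still launches as a shortcut on Windows when its contents are a valid Shell Link; matching on the extension alone would miss it.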
Data Theft Potential
The downloaded payload is designed to steal sensitive information. It has the potential to retrieve cookies, session tokens from browsers, credentials for various services, files with specific extensions, and even cryptocurrency wallet details.
Scheme 2: Malicious Script and A Million Views
Another set of fraudulent DeepSeek websites emerged under these domains:
- deepseek-pc-ai.com;
- deepseek-ai-soft.com.
Initially, the first domain showed a default Apache server page. It later changed to mimic the DeepSeek website, evidently using geofencing: requests from specific IP addresses, particularly Russian ones, are served a placeholder page filled with generic, AI-generated SEO content instead.
Malicious Downloads
Users are drawn in by prompts to download the DeepSeek client or initiate the chatbot, resulting in the download of a harmful installer labeled as a legitimate application. Kaspersky has recognized this malware as a Trojan Downloader.
Scheme 3: Backdoors and Attacks on Chinese Users
Several domains were found distributing executable files for malicious purposes, including:
- app.delpaseek.com;
- app.deapseek.com;
- dpsk.dghjwd.cn.
These attacks primarily target technically skilled users. The malware disguised itself as a framework for running LLMs, reducing suspicion. Kaspersky’s systems identified such payloads as a backdoor, allowing unauthorized access to infected devices.
Vulnerabilities in Distribution
In some attacks, users inadvertently downloaded a zip file named deep_windows_Setup.zip, which contained malicious executables. These installers use DLL sideloading to execute the hidden malware and compromise the victim's data.
Indicators of Compromise
MD5
Here are some critical MD5 hashes associated with the malware:
- 4ef18b2748a8f499ed99e986b4087518
- 155bdb53d0bf520e3ae9b47f35212f16
- 6d097e9ef389bbe62365a3ce3cbaf62d
- 3e5c2097ffb0cb3a6901e731cdf7223b
- e1ea1b600f218c265d09e7240b7ea819
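The hashes above and the domains named in the three schemes are the indicators a defender would actually sweep for. The following is an added example, not part of the report and not Kaspersky's tooling, that puts them to use: it hashes every file under a directory and reports matches against the MD5 list, and it runs the domain list over DNS log lines, matching a queried name when it equals an indicator or is a subdomain of one (so cdn.v3-grok.com matches while notdeepseek-pc-ai.com does not). The log line format and the log entries themselves are constructed assumptions, as is the file used to demonstrate the hash sweep; the MD5 values and domains are taken from the report.

```python
import hashlib
import os
import re
import tempfile

# MD5 hashes from the report's Indicators of Compromise section.
IOC_MD5 = {
    "4ef18b2748a8f499ed99e986b4087518",
    "155bdb53d0bf520e3ae9b47f35212f16",
    "6d097e9ef389bbe62365a3ce3cbaf62d",
    "3e5c2097ffb0cb3a6901e731cdf7223b",
    "e1ea1b600f218c265d09e7240b7ea819",
}

# Domains named across the report's three schemes.
IOC_DOMAINS = {
    "r1-deepseek.net", "v3-deepseek.com", "v3-grok.com",
    "deepseek-pc-ai.com", "deepseek-ai-soft.com",
    "app.delpaseek.com", "app.deapseek.com", "dpsk.dghjwd.cn",
}


def md5_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream a file through MD5 so large files do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_directory(root: str, ioc_md5=IOC_MD5) -> dict:
    """Walk root and return {path: md5} for every file whose MD5 is an indicator."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            digest = md5_of_file(path)
            if digest in ioc_md5:
                hits[path] = digest
    return hits


def domain_is_ioc(host: str, ioc_domains=IOC_DOMAINS) -> bool:
    """Exact match or subdomain of an indicator; a mere substring does not count."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)


# Constructed DNS-log format (assumption): "<ts> client=<ip> query=<name> type=<rr>"
LOG_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def scan_dns_log(lines, ioc_domains=IOC_DOMAINS) -> list:
    """Return (client, queried name) pairs that hit an indicator domain."""
    alerts = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and domain_is_ioc(m.group("query"), ioc_domains):
            alerts.append((m.group("client"), m.group("query")))
    return alerts


# Constructed sample log, not real telemetry.
SAMPLE_LOG = [
    "2025-03-10T09:12:01Z client=10.0.0.5 query=www.deepseek.com type=A",
    "2025-03-10T09:12:07Z client=10.0.0.5 query=deepseek-pc-ai.com type=A",
    "2025-03-10T09:15:44Z client=10.0.0.9 query=cdn.v3-grok.com type=A",
    "2025-03-10T09:16:02Z client=10.0.0.9 query=notdeepseek-pc-ai.com type=A",
]


def demo_hash_scan() -> dict:
    """Write one constructed file to a temp dir and sweep it with an IoC set that
    contains its own digest, to show the hash sweep end to end. The real IOC_MD5
    set is used the same way against a real download directory."""
    sample = b"constructed sample content, not a real malicious file"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "deep-seek-installation.zip")
        with open(path, "wb") as f:
            f.write(sample)
        ioc = IOC_MD5 | {hashlib.md5(sample).hexdigest()}
        hits = scan_directory(tmp, ioc)
        return {os.path.basename(p): d for p, d in hits.items()}


if __name__ == "__main__":
    print("hash hits:", demo_hash_scan())
    print("dns hits:", scan_dns_log(SAMPLE_LOG))
```

In practice the hash sweep is pointed at browser download folders and the DNS check at resolver or proxy logs; the subdomain rule is what catches hosts like app.deapseek.com when only the parent name is in the list, while the trailing-dot and case normalisation keeps FQDN-style log entries from slipping past.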
Malicious Domains
Here are some of the identified malicious domains: