The popularization of executable language models has created a new cyber threat vector. This is demonstrated by Deepsneak, a new and sophisticated malware that impersonates DeepSeek-R (one of the most used LLMs of the moment) to infect computers through a fake website promoted even in Google's sponsored results. Far from facilitating artificial intelligence work, this fraudulent version installs a Trojan that completely compromises user privacy.

As reported by Kaspersky's Global Research & Analysis Team (GReAT), the attackers are using phishing techniques and impersonation of digital identity to propagate the malware. The victims are redirected to a fake website that poses as the official DeepSeek platform, where tools such as Ollama or LM Studio are offered for offline use. But by clicking, the user installs not only legitimate software but also a hidden component: BrowserVenom, an infostealer that takes control of web traffic through malicious proxies.

What is Deepsneak and how does it act?

“Cybercriminals are increasingly exploiting the popularity of open source AI tools to distribute fake installers that may include keyloggers, cryptominers or infostealers,” warns Lisandro Ubiedo, Kaspersky security analyst. “These fake tools compromise the user's sensitive data and pose a serious cyber harm, especially when downloaded from unverified sources.”

The attack is especially aimed at Windows users with administrator privileges. Once installed, the malware configures all the browsers on the system to route traffic through servers controlled by the attackers, which allows them to intercept credentials, browsing habits and other critical information.

Deepseek under attack: how to avoid falling into the trap

The deception begins on the search results page itself. Cybercriminals buy ads that appear when users search for terms such as “DeepSeek R1”. A visitor who clicks on them is taken to a site that replicates DeepSeek’s interface. Once there, the operating system is checked: if it is Windows, a button to download the local AI tools is shown. The file includes a routine that evades Windows Defender and requires elevated permissions to run.

The campaign has registered infections in countries such as Brazil, Mexico, India, Nepal, South Africa, Egypt and Cuba, demonstrating its global reach.

Kaspersky recommends concrete measures:

  • Carefully check the URL before downloading any tool.
  • Download only from official sites such as Ollama.com or lmstudio.ai.
  • Use reliable security solutions that analyze files in real time.
  • Disable administrator privileges for daily tasks.
  • Evaluate the sponsored results before clicking.
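
The first two recommendations can be applied mechanically before a download link is followed. The following is an added example, not code from Kaspersky or the original article: the helper names `check_download_url` and `rejected` are hypothetical, the sample URLs are constructed, and the allowlist contains only the two official domains named above.

```python
from urllib.parse import urlsplit

# Official download domains taken from the recommendation list above.
OFFICIAL_DOMAINS = ("ollama.com", "lmstudio.ai")

def check_download_url(url):
    """Return (ok, reason) for a download link; hypothetical helper."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if userinfo:
        # https://ollama.com@other.example/ really connects to other.example
        return False, "userinfo before host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Homoglyph hosts look identical on screen but are different domains
        return False, "internationalized host"
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain; "ollama.com.example" does not pass
        if host == domain or host.endswith("." + domain):
            return True, "matches " + domain
    return False, "host not on official list"

# Constructed sample links, not taken from the campaign.
SAMPLES = [
    "https://ollama.com/download",
    "HTTPS://LMStudio.ai/",
    "http://ollama.com/download",
    "https://ollama.com.downloads.example/setup.exe",
    "https://ollama.com@downloads.example/",
    "https://oll\u0430ma.com/download",  # Cyrillic "a" in place of Latin "a"
]

def rejected(urls):
    """Return (url, reason) for every link that fails the check."""
    return [(u, check_download_url(u)[1]) for u in urls if not check_download_url(u)[0]]

if __name__ == "__main__":
    for u in SAMPLES:
        print(check_download_url(u), u)
```

A link that passes this check has only been confirmed to point at an official domain; the downloaded file should still be scanned as the list recommends.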

The growing threat of malware in artificial intelligence environments

The Deepsneak case is not an isolated incident. The trend points to an increase in threats linked to the artificial intelligence ecosystem, especially in open source tools that can be run offline. Although these solutions offer greater control and privacy compared with large cloud models, they also open the door to new attacks if they are downloaded from unverified sources.

This type of threat demands a new digital literacy: it is not enough to know how to use AI; you also have to know how to identify when an AI is a trap.