Cyberveille curated by Decio
4 results tagged installer
That DeepSeek installer you just clicked? It's malware https://www.theregister.com/2025/06/11/deepseek_installer_or_infostealing_malware/
12/06/2025 09:19:50

Suspected cybercriminals have created a fake installer for Chinese AI model DeepSeek-R1 and loaded it with previously unknown malware called "BrowserVenom".

The malware’s name reflects its ability to redirect all traffic from browsers through an attacker-controlled server.

This enables the crooks to steal data, monitor browsing activity, and potentially expose plaintext traffic. Credentials for websites, session cookies, financial account info, plus sensitive emails and documents are therefore all at risk – just the sort of info scammers seek so they can commit digital fraud and/or sell to other miscreants.

To date, the malware has infected "multiple" computers across Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. Kaspersky, which spotted a phishing campaign that spreads the malware by sending victims to a fake website that resembles the real DeepSeek homepage, said it continues to "pose a global threat."

While the malware used in this campaign is new, the tactic of using interest in AI to spread nasty payloads is increasingly common.

Such campaigns use phishing sites whose domain names differ slightly from those operated by real AI vendors, and criminals use malicious ads and other tactics, so they appear prominently in search engine results. But instead of delivering the promised chatbot or AI tool, they infect unwitting victims with everything from credential- and wallet-stealing malware to ransomware and Windows-borking code.

This campaign used the URL https[:]//deepseek-platform[.]com.

The crims promoted that address to many potential victims by buying ads from Google, so it appeared as the top result when users searched for "deepseek r1".

theregister EN 2025 BrowserVenom malware DeepSeek fake installer
LummaC2 Malware Abusing the Game Platform 'Steam' - ASEC BLOG https://asec.ahnlab.com/en/68309/
29/07/2024 09:29:05

LummaC2 is an Infostealer that is being actively distributed, disguised as illegal programs (e.g. cracks, keygens, and game hacking programs) available from distribution websites, YouTube, and LinkedIn using the SEO poisoning technique. Recently, it has also been distributed via search engine ads, posing as web pages of Notion, Slack, Capcut, etc.

Reference: Distribution of MSIX Malware Disguised as Notion Installer

ahnlab EN 2024 LummaC2 Infostealer steam cracks keygens SEO-poisoning MSIX Notion Installer
Deactivating Cortex XDR via repair function https://badoption.eu/blog/2024/03/23/cortex.html
26/03/2024 08:37:51

It is trivially possible to disable the Cortex EDR as a non-admin user by triggering a repair function. This only works if Tamper Protection is not enforced!

TL;DR:

  • Trigger the repair via GUID
  • Disrupt it when the EDR is deactivated
  • Done

badoption EN 2024 Cortex EDR non-admin installer repair Paloalto
Raspberry Robin gets the worm early https://redcanary.com/blog/raspberry-robin/
24/06/2022 10:22:25

Raspberry Robin is a worm spread by external drives that leverages Windows Installer to download a malicious DLL.

redcanary EN 2022 raspberry-robin worm Windows Installer QNAP DLL