Kaspersky cybersecurity experts have uncovered a sophisticated phishing campaign that exploited the growing interest in generative AI technologies, specifically the DeepSeek platform, to distribute malware. Cybercriminals used advanced techniques, including geolocation, compromised business accounts, and coordinated botnets, resulting in over 1.2 million views of their malicious posts on the X platform (formerly Twitter).
The attackers created fake websites mimicking the official DeepSeek platform, using misleading domain names to lure victims. These sites employed geolocation technology to analyse each visitor's IP address and tailor the displayed content accordingly, helping them optimize their targeting and avoid detection.
Vasily Kolesnikov, a senior malware analyst at Kaspersky, explained that this campaign represents a significant evolution in social engineering tactics. The attackers exploited the widespread enthusiasm for generative AI technologies and combined targeted geolocation, compromised accounts, and botnets to reach a broad audience and bypass security defenses.
The X platform was the primary channel for this campaign, where an official account of an Australian company was compromised to post fraudulent links. The malicious post alone garnered approximately 1.2 million views and hundreds of retweets, mostly from coordinated bot accounts.
Victims were directed to download a fake version of the DeepSeek application, which contained malware allowing attackers to remotely control victims' devices.
Kaspersky security products detect and block all malware installation activities associated with this campaign, including variants of the malware known as Trojan-Downloader.Win32.TookPS.*.