Kaspersky GReAT researchers have discovered a new wave of Trojan attacks that use a fake DeepSeek-R1 Large Language Model (LLM) application for desktop computers. The previously unknown malware is distributed through a phishing website that imitates the official DeepSeek homepage and is promoted through Google ads. The goal of the attacks is to install the BrowserVenom malware, which reconfigures the browsers on the victim's device so that all web traffic is routed through attacker-controlled servers, allowing the attackers to collect login credentials and other sensitive user data. Infections have been detected in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt.
DeepSeek-R1 is currently one of the most popular Large Language Models (LLMs), and Kaspersky has previously reported attacks that used malware posing as it to attract victims. DeepSeek models can also be run offline on a personal computer with tools such as Ollama or LM Studio, and the attackers used that option as their lure.
Users were led to a phishing website whose address mimicked that of the official DeepSeek platform through a Google ad that appeared when someone searched for the term “deepseek r1.” When a visitor opened the fake DeepSeek site, it checked the device's operating system. If Windows was detected, the page offered a download of tools for running the LLM offline. During the investigation period, other operating systems were not targeted.
After the user clicked the download button and passed a CAPTCHA check, a malicious installer was downloaded, and the user was asked to choose between Ollama and LM Studio. Whichever option was selected, the malicious files were installed alongside the genuine Ollama or LM Studio installer. The malware used a special algorithm to bypass Windows Defender protection. Successful installation required administrator rights on the user's account; if the account did not have them, the attack did not complete.
Once installed, the malicious program changed the settings of every browser on the system and forced them to route traffic through a proxy server controlled by the attackers. This allowed the perpetrators to monitor online activity and gain access to sensitive browsing data. Kaspersky researchers named the threat “BrowserVenom” to underline how dangerous it is.
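The article says BrowserVenom forces every browser through an attacker-controlled proxy, but not which setting it modifies. The PowerShell triage script below is an added example, not code from Kaspersky or from the report: it lists the usual places a Windows browser picks up a proxy (the WinINET user settings, Chrome and Edge policy keys, Firefox profile prefs, and the arguments on browser shortcuts) so that an unexpected proxy stands out. Which of these locations BrowserVenom actually touches is an assumption; the registry paths, file names and property names are the standard ones for those products.

```powershell
# Added triage script (not from the Kaspersky report). Enumerates where the
# browsers on a Windows host can be told to use a proxy. Which of these
# BrowserVenom modifies is NOT stated in the article; these are the usual spots.

$findings = @()

# 1. WinINET user proxy: used by Edge, Chrome and most other apps by default,
#    and by Firefox when it is set to "use system proxy settings".
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
if ($p -and $p.ProxyEnable -eq 1 -and $p.ProxyServer) {
    $findings += [pscustomobject]@{ Source = 'WinINET'; Setting = 'ProxyServer'; Value = $p.ProxyServer }
}
if ($p -and $p.AutoConfigURL) {
    $findings += [pscustomobject]@{ Source = 'WinINET'; Setting = 'AutoConfigURL (PAC)'; Value = $p.AutoConfigURL }
}

# 2. Chrome/Edge policy keys: a proxy pushed here overrides the browser UI and
#    has no business existing on an unmanaged home machine.
$policyKeys = @(
    'HKLM:\Software\Policies\Google\Chrome',
    'HKCU:\Software\Policies\Google\Chrome',
    'HKLM:\Software\Policies\Microsoft\Edge',
    'HKCU:\Software\Policies\Microsoft\Edge'
)
foreach ($k in $policyKeys) {
    $pol = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $pol) { continue }
    foreach ($name in 'ProxyMode', 'ProxyServer', 'ProxyPacUrl', 'ProxySettings') {
        if ($pol.PSObject.Properties[$name]) {
            $findings += [pscustomobject]@{ Source = $k; Setting = $name; Value = $pol.$name }
        }
    }
}

# 3. Firefox: network.proxy.* lines in user.js / prefs.js of every profile.
$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $ffProfiles) {
    foreach ($profile in Get-ChildItem -Path $ffProfiles -Directory) {
        foreach ($f in 'user.js', 'prefs.js') {
            $path = Join-Path $profile.FullName $f
            if (-not (Test-Path $path)) { continue }
            $hits = Select-String -Path $path -Pattern 'network\.proxy\.(type|http|ssl|socks|autoconfig_url)'
            foreach ($h in $hits) {
                $findings += [pscustomobject]@{ Source = "Firefox $f"; Setting = $h.Line.Trim(); Value = $path }
            }
        }
    }
}

# 4. Browser shortcuts carrying --proxy-server / --proxy-pac-url: the browser's
#    own settings look clean, but every launch via the shortcut is proxied.
$shell = New-Object -ComObject WScript.Shell
$lnkDirs = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
)
foreach ($lnk in Get-ChildItem -Path $lnkDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $sc = $shell.CreateShortcut($lnk.FullName)
    if ($sc.Arguments -match '--proxy-(server|pac-url)') {
        $findings += [pscustomobject]@{ Source = 'Shortcut'; Setting = $lnk.FullName; Value = $sc.Arguments }
    }
}

if ($findings.Count -eq 0) {
    'No browser proxy configuration found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it in the affected user's session, since HKCU and the Firefox profile path are per user. Whatever it reports has to be compared with what is legitimately expected: a proxy or PAC set by group policy will show up in the same places. A hit in a shortcut's arguments deserves a close look, because the browser's own settings page will not reveal it.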
To protect yourself from such threats, Kaspersky recommends: