01-31-2025, 11:35 PM
News DeepSeek’s Popularity Sparks Surge in Crypto Phishing and Malware Campaigns
<p><img width="1280" height="854" src="https://thecyberexpress.com/wp-content/uploads/DeepSeek.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="DeepSeek" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/DeepSeek.webp 1280w, https://thecyberexpress.com/wp-content/u...0x200.webp 300w, https://thecyberexpress.com/wp-content/u...4x683.webp 1024w, https://thecyberexpress.com/wp-content/u...8x512.webp 768w, https://thecyberexpress.com/wp-content/u...0x400.webp 600w, https://thecyberexpress.com/wp-content/u...0x100.webp 150w, https://thecyberexpress.com/wp-content/u...0x500.webp 750w, https://thecyberexpress.com/wp-content/u...0x761.webp 1140w" sizes="(max-width: 1280px) 100vw, 1280px" title="DeepSeek's Popularity Sparks Surge in Crypto Phishing and Malware Campaigns 6"></p><span data-contrast="auto">The rapid rise of DeepSeek, a Chinese artificial intelligence company known for its open-source large language models (LLMs), has sparked not only excitement but also a significant increase in cyber threats. As of January 2025, the company launched its first free chatbot app, “DeepSeek – AI Assistant,” which quickly became the most downloaded free app on the iOS App Store in the United States, surpassing even OpenAI’s ChatGPT.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">According to <a href="https://cyble.com/blog/deepseeks-growing-influence-sparks-a-surge-in-frauds-and-phishing-attacks/" target="_blank" rel="nofollow noopener">Cyble</a>, DeepSeek’s success has made it a trailblazer in the AI space, but it has also drawn the attention of cybercriminals, who are now using its reputation to fuel a variety of fraudulent activities, including phishing attacks, malware campaigns, and investment scams.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="3"><b><span data-contrast="none">DeepSeek’s Meteoric Rise and the Cybersecurity Risks That Follow</span></b><span data-ccp-props="{"134233117":false,"134233118":false,"134245418":true,"134245529":true,"335559738":281,"335559739":281}"> </span></h2>
<span data-contrast="auto">Following the <a href="https://thecyberexpress.com/deepseek-security-data-leaks-jailbreaks/" target="_blank" rel="noopener">DeepSeek’s rapid popularity</a>, a concerning trend has emerged. Cybercriminals have begun to <a class="wpil_keyword_link" href="https://cyble.com/exploit/" target="_blank" rel="noopener" title="exploit" data-wpil-keyword-link="linked" data-wpil-monitor-id="20971">exploit</a> its growing recognition to launch scams and malware campaigns. According to recent investigations by Cyble Research and Intelligence Labs (CRIL), several suspicious websites have surfaced, impersonating DeepSeek in an attempt to deceive unsuspecting users. These sites are often tied to cryptocurrency <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-phishing/" target="_blank" rel="noopener" title="phishing" data-wpil-keyword-link="linked" data-wpil-monitor-id="20969">phishing</a> schemes and fraudulent investment opportunities, capitalizing on the trust DeepSeek has earned in the tech community.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">One of the key tactics used by threat actors (TAs) involves mimicking the legitimate DeepSeek platform to launch crypto phishing attacks. These schemes involve fraudulent websites that closely resemble DeepSeek’s official site, tricking users into scanning QR codes that ultimately compromise their crypto wallets. Such scams are becoming increasingly common, with cybercriminals taking advantage of popular platforms like <a href="https://thecyberexpress.com/deepseek-malicious-attacks-ai-breakthrough/" target="_blank" rel="noopener">DeepSeek</a> to lure users into unsafe situations.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">Cyble has identified multiple fraudulent domains tied to these phishing campaigns, including:</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">abs-register[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deep-whitelist[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deepseek-ai[.]cloud</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deepseek[.]boats</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deepseek-shares[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deepseek-aiassistant[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">usadeepseek[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
</ul>
<span data-contrast="auto">These domains were linked to malicious efforts designed to extract users’ personal <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/" title="data" data-wpil-keyword-link="linked" data-wpil-monitor-id="20970">data</a>, steal cryptocurrency, or promote fraudulent investment schemes.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="3"><b><span data-contrast="none">The Growing Threat of Crypto Phishing</span></b><span data-ccp-props="{"134233117":false,"134233118":false,"134245418":true,"134245529":true,"335559738":281,"335559739":281}"> </span></h2>
[caption id="attachment_100696" align="alignnone" width="602"]<img class="size-full wp-image-100696" src="https://thecyberexpress.com/wp-content/uploads/DeepSeek-campaign.webp" alt="DeepSeek campaign" width="602" height="293" /> Crypto phishing website impersonating DeepSeek (Source: Cyble)[/caption]
<span data-contrast="auto">One of the most common phishing tactics identified is the use of QR codes to trick users into compromising their crypto wallets. By creating websites that resemble DeepSeek’s official platform, cybercriminals encourage users to connect their wallets, often through deceptive "Connect Wallet" buttons. When a user selects a wallet option, such as MetaMask or WalletConnect, the website prompts them to scan a QR code. However, this action redirects users to a fraudulent address, which ultimately gives <a href="https://thecyberexpress.com/fake-emails-scam-indians-heres-what-to-know/" target="_blank" rel="noopener">cybercriminals</a> access to the wallet and its contents.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
[caption id="attachment_100697" align="alignnone" width="602"]<img class="size-full wp-image-100697" src="https://thecyberexpress.com/wp-content/uploads/DeepSeek-Scams.webp" alt="DeepSeek Scams" width="602" height="295" /> Phishing site displaying QR code (Source: Cyble)[/caption]
<span data-contrast="auto">Two specific websi</span><span data-contrast="auto">tes, abs-register[.]com and deep-whitelist[.]com, were fl</span><span data-contrast="auto">agged as part of this scheme. These phishing sites presented themselves as legitimate portals, luring unsuspecting crypto enthusiasts into connecting their wallets through a misleading interface.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">The use of QR codes in phishing schemes is not new, but the rise of platforms like DeepSeek has amplified its effectiveness. By leveraging the credibility of a trending service, cybercriminals are increasingly able to deceive even the most cautious users into falling for these attacks.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="3"><b><span data-contrast="none">Fake Investment Scams Exploit DeepSeek’s Popularity</span></b><span data-ccp-props="{"134233117":false,"134233118":false,"134245418":true,"134245529":true,"335559738":281,"335559739":281}"> </span></h2>
<span data-contrast="auto">In addition to phishing attacks, fraudsters have also used DeepSeek’s growing prominence to promote fake investment opportunities. One of the more interesting examples discovered by Cyble was the dom</span><span data-contrast="auto">ain deepseek-shares[.]com, which wa</span><span data-contrast="auto">s registered on January 29, 2025. This fraudulent website posed as an official DeepSeek investment platform, claiming to offer pre-IPO shares of the company.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
[caption id="attachment_100701" align="alignnone" width="602"]<img class="size-full wp-image-100701" src="https://thecyberexpress.com/wp-content/uploads/Figure-6-–-Fake-investment-website.webp" alt="Fake-investment-website" width="602" height="296" /> Fake-investment-website (Source: Cyble)[/caption]
<span data-contrast="auto">The problem with this claim is that DeepSeek is a privately held company, and no official initial public offering (IPO) announcements have been made. The website's real purpose is to gather sensitive personal information from potential investors, which can later be exploited for phishing, identity theft, or financial <a class="wpil_keyword_link" href="https://cyble.com/cybercrime/fraud/" target="_blank" rel="noopener" title="fraud" data-wpil-keyword-link="linked" data-wpil-monitor-id="20973">fraud</a>.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">These types of <a href="https://thecyberexpress.com/generative-ai-making-scams-unstoppable/" target="_blank" rel="noopener">investment scams</a> are particularly dangerous because they prey on individuals eager to capitalize on the perceived success of a rapidly growing company. Fraudsters promise lucrative returns, but the goal is not to help investors profit—it’s to steal their personal data and funds.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="3"><b><span data-contrast="none">Malware Campaigns Linked to DeepSeek</span></b><span data-ccp-props="{"134233117":false,"134233118":false,"134245418":true,"134245529":true,"335559738":281,"335559739":281}"> </span></h2>
<span data-contrast="auto">Beyond phishing and investment scams, there are also reports of <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-malware/" title="malware" data-wpil-keyword-link="linked" data-wpil-monitor-id="20975">malware</a> campaigns taking advantage of DeepSeek’s rising influence. According to Cyble’s research, several malicious websites have been found claiming to offer legitimate DeepSeek app downloads for various platforms, including Windows, iOS, and Android. While some of these sites appear to be under development, others may serve as entry points for malware.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">There have been reports of malware labeled <a href="https://thecyberexpress.com/atomic-stealer-amos-and-xehook-stealer/" target="_blank" rel="noopener">AMOS Stealer</a>, a type of credential-stealing software, being distributed through fraudulent DeepSeek-related downloads. This software can steal sensitive user data, including login credentials, and may even grant attackers full access to users’ online accounts.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">To avoid falling victim to such attacks, users are advised to only download the DeepSeek app from official sources. Any websites offering third-party downloads should be approached with caution, as they may be attempting to deliver malicious software.</span>
<h2><b><span data-contrast="auto">Conclusion </span></b><span data-ccp-props="{"134233117":false,"134233118":false,"201341983":0,"335551550":1,"335551620":1,"335559685":0,"335559737":0,"335559738":240,"335559739":240,"335559740":279}"> </span></h2>
<span data-contrast="auto">As DeepSeek’s popularity continues to soar, so does the risk of <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/" title="cyber" data-wpil-keyword-link="linked" data-wpil-monitor-id="20974">cyber</a> threats targeting its users, including phishing scams, fake investment schemes, and malware campaigns. To protect themselves, users must remain vigilant by verifying official sources, avoiding untrusted third-party websites and QR codes, and scrutinizing crypto projects before making any investments. They should also be cautious about unverified investment opportunities, as DeepSeek has not announced any official IPO or <a href="https://thecyberexpress.com/cybercriminals-capitalize-svb-collapse-scams/" target="_blank" rel="noopener">cryptocurrency launch</a>.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">Employing reputable <a class="wpil_keyword_link" href="https://thecyberexpress.com/" title="security" data-wpil-keyword-link="linked" data-wpil-monitor-id="20972">security</a> software, keeping systems up to date, and staying informed about phishing and malware tactics are also crucial steps. By following these best practices, individuals can protect their personal information and avoid falling victim to cybercriminals seeking to exploit DeepSeek’s success.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
https://thecyberexpress.com/deepseeks-su...campaigns/
<p><img width="1280" height="854" src="https://thecyberexpress.com/wp-content/uploads/DeepSeek.webp" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="DeepSeek" decoding="async" srcset="https://thecyberexpress.com/wp-content/uploads/DeepSeek.webp 1280w, https://thecyberexpress.com/wp-content/u...0x200.webp 300w, https://thecyberexpress.com/wp-content/u...4x683.webp 1024w, https://thecyberexpress.com/wp-content/u...8x512.webp 768w, https://thecyberexpress.com/wp-content/u...0x400.webp 600w, https://thecyberexpress.com/wp-content/u...0x100.webp 150w, https://thecyberexpress.com/wp-content/u...0x500.webp 750w, https://thecyberexpress.com/wp-content/u...0x761.webp 1140w" sizes="(max-width: 1280px) 100vw, 1280px" title="DeepSeek's Popularity Sparks Surge in Crypto Phishing and Malware Campaigns 6"></p><span data-contrast="auto">The rapid rise of DeepSeek, a Chinese artificial intelligence company known for its open-source large language models (LLMs), has sparked not only excitement but also a significant increase in cyber threats. As of January 2025, the company launched its first free chatbot app, “DeepSeek – AI Assistant,” which quickly became the most downloaded free app on the iOS App Store in the United States, surpassing even OpenAI’s ChatGPT.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">According to <a href="https://cyble.com/blog/deepseeks-growing-influence-sparks-a-surge-in-frauds-and-phishing-attacks/" target="_blank" rel="nofollow noopener">Cyble</a>, DeepSeek’s success has made it a trailblazer in the AI space, but it has also drawn the attention of cybercriminals, who are now using its reputation to fuel a variety of fraudulent activities, including phishing attacks, malware campaigns, and investment scams.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="3"><b><span data-contrast="none">DeepSeek’s Meteoric Rise and the Cybersecurity Risks That Follow</span></b><span data-ccp-props="{"134233117":false,"134233118":false,"134245418":true,"134245529":true,"335559738":281,"335559739":281}"> </span></h2>
<span data-contrast="auto">Following the <a href="https://thecyberexpress.com/deepseek-security-data-leaks-jailbreaks/" target="_blank" rel="noopener">DeepSeek’s rapid popularity</a>, a concerning trend has emerged. Cybercriminals have begun to <a class="wpil_keyword_link" href="https://cyble.com/exploit/" target="_blank" rel="noopener" title="exploit" data-wpil-keyword-link="linked" data-wpil-monitor-id="20971">exploit</a> its growing recognition to launch scams and malware campaigns. According to recent investigations by Cyble Research and Intelligence Labs (CRIL), several suspicious websites have surfaced, impersonating DeepSeek in an attempt to deceive unsuspecting users. These sites are often tied to cryptocurrency <a class="wpil_keyword_link" href="https://cyble.com/knowledge-hub/what-is-phishing/" target="_blank" rel="noopener" title="phishing" data-wpil-keyword-link="linked" data-wpil-monitor-id="20969">phishing</a> schemes and fraudulent investment opportunities, capitalizing on the trust DeepSeek has earned in the tech community.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">One of the key tactics used by threat actors (TAs) involves mimicking the legitimate DeepSeek platform to launch crypto phishing attacks. These schemes involve fraudulent websites that closely resemble DeepSeek’s official site, tricking users into scanning QR codes that ultimately compromise their crypto wallets. Such scams are becoming increasingly common, with cybercriminals taking advantage of popular platforms like <a href="https://thecyberexpress.com/deepseek-malicious-attacks-ai-breakthrough/" target="_blank" rel="noopener">DeepSeek</a> to lure users into unsafe situations.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">Cyble has identified multiple fraudulent domains tied to these phishing campaigns, including:</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<ul>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">abs-register[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deep-whitelist[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deepseek-ai[.]cloud</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deepseek[.]boats</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deepseek-shares[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">deepseek-aiassistant[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
<li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">usadeepseek[.]com</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":0,"335559739":0}"> </span></li>
</ul>
<span data-contrast="auto">These domains were linked to malicious efforts designed to extract users’ personal <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-data/" title="data" data-wpil-keyword-link="linked" data-wpil-monitor-id="20970">data</a>, steal cryptocurrency, or promote fraudulent investment schemes.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="3"><b><span data-contrast="none">The Growing Threat of Crypto Phishing</span></b><span data-ccp-props="{"134233117":false,"134233118":false,"134245418":true,"134245529":true,"335559738":281,"335559739":281}"> </span></h2>
[caption id="attachment_100696" align="alignnone" width="602"]<img class="size-full wp-image-100696" src="https://thecyberexpress.com/wp-content/uploads/DeepSeek-campaign.webp" alt="DeepSeek campaign" width="602" height="293" /> Crypto phishing website impersonating DeepSeek (Source: Cyble)[/caption]
<span data-contrast="auto">One of the most common phishing tactics identified is the use of QR codes to trick users into compromising their crypto wallets. By creating websites that resemble DeepSeek’s official platform, cybercriminals encourage users to connect their wallets, often through deceptive "Connect Wallet" buttons. When a user selects a wallet option, such as MetaMask or WalletConnect, the website prompts them to scan a QR code. However, this action redirects users to a fraudulent address, which ultimately gives <a href="https://thecyberexpress.com/fake-emails-scam-indians-heres-what-to-know/" target="_blank" rel="noopener">cybercriminals</a> access to the wallet and its contents.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
[caption id="attachment_100697" align="alignnone" width="602"]<img class="size-full wp-image-100697" src="https://thecyberexpress.com/wp-content/uploads/DeepSeek-Scams.webp" alt="DeepSeek Scams" width="602" height="295" /> Phishing site displaying QR code (Source: Cyble)[/caption]
<span data-contrast="auto">Two specific websi</span><span data-contrast="auto">tes, abs-register[.]com and deep-whitelist[.]com, were fl</span><span data-contrast="auto">agged as part of this scheme. These phishing sites presented themselves as legitimate portals, luring unsuspecting crypto enthusiasts into connecting their wallets through a misleading interface.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">The use of QR codes in phishing schemes is not new, but the rise of platforms like DeepSeek has amplified its effectiveness. By leveraging the credibility of a trending service, cybercriminals are increasingly able to deceive even the most cautious users into falling for these attacks.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="3"><b><span data-contrast="none">Fake Investment Scams Exploit DeepSeek’s Popularity</span></b><span data-ccp-props="{"134233117":false,"134233118":false,"134245418":true,"134245529":true,"335559738":281,"335559739":281}"> </span></h2>
<span data-contrast="auto">In addition to phishing attacks, fraudsters have also used DeepSeek’s growing prominence to promote fake investment opportunities. One of the more interesting examples discovered by Cyble was the dom</span><span data-contrast="auto">ain deepseek-shares[.]com, which wa</span><span data-contrast="auto">s registered on January 29, 2025. This fraudulent website posed as an official DeepSeek investment platform, claiming to offer pre-IPO shares of the company.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
[caption id="attachment_100701" align="alignnone" width="602"]<img class="size-full wp-image-100701" src="https://thecyberexpress.com/wp-content/uploads/Figure-6-–-Fake-investment-website.webp" alt="Fake-investment-website" width="602" height="296" /> Fake-investment-website (Source: Cyble)[/caption]
<span data-contrast="auto">The problem with this claim is that DeepSeek is a privately held company, and no official initial public offering (IPO) announcements have been made. The website's real purpose is to gather sensitive personal information from potential investors, which can later be exploited for phishing, identity theft, or financial <a class="wpil_keyword_link" href="https://cyble.com/cybercrime/fraud/" target="_blank" rel="noopener" title="fraud" data-wpil-keyword-link="linked" data-wpil-monitor-id="20973">fraud</a>.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">These types of <a href="https://thecyberexpress.com/generative-ai-making-scams-unstoppable/" target="_blank" rel="noopener">investment scams</a> are particularly dangerous because they prey on individuals eager to capitalize on the perceived success of a rapidly growing company. Fraudsters promise lucrative returns, but the goal is not to help investors profit—it’s to steal their personal data and funds.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<h2 aria-level="3"><b><span data-contrast="none">Malware Campaigns Linked to DeepSeek</span></b><span data-ccp-props="{"134233117":false,"134233118":false,"134245418":true,"134245529":true,"335559738":281,"335559739":281}"> </span></h2>
<span data-contrast="auto">Beyond phishing and investment scams, there are also reports of <a class="wpil_keyword_link" href="https://thecyberexpress.com/what-is-malware/" title="malware" data-wpil-keyword-link="linked" data-wpil-monitor-id="20975">malware</a> campaigns taking advantage of DeepSeek’s rising influence. According to Cyble’s research, several malicious websites have been found claiming to offer legitimate DeepSeek app downloads for various platforms, including Windows, iOS, and Android. While some of these sites appear to be under development, others may serve as entry points for malware.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">There have been reports of malware labeled <a href="https://thecyberexpress.com/atomic-stealer-amos-and-xehook-stealer/" target="_blank" rel="noopener">AMOS Stealer</a>, a type of credential-stealing software, being distributed through fraudulent DeepSeek-related downloads. This software can steal sensitive user data, including login credentials, and may even grant attackers full access to users’ online accounts.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">To avoid falling victim to such attacks, users are advised to only download the DeepSeek app from official sources. Any websites offering third-party downloads should be approached with caution, as they may be attempting to deliver malicious software.</span>
<h2><b><span data-contrast="auto">Conclusion </span></b><span data-ccp-props="{"134233117":false,"134233118":false,"201341983":0,"335551550":1,"335551620":1,"335559685":0,"335559737":0,"335559738":240,"335559739":240,"335559740":279}"> </span></h2>
<span data-contrast="auto">As DeepSeek’s popularity continues to soar, so does the risk of <a class="wpil_keyword_link" href="https://thecyberexpress.com/cyber-news/" title="cyber" data-wpil-keyword-link="linked" data-wpil-monitor-id="20974">cyber</a> threats targeting its users, including phishing scams, fake investment schemes, and malware campaigns. To protect themselves, users must remain vigilant by verifying official sources, avoiding untrusted third-party websites and QR codes, and scrutinizing crypto projects before making any investments. They should also be cautious about unverified investment opportunities, as DeepSeek has not announced any official IPO or <a href="https://thecyberexpress.com/cybercriminals-capitalize-svb-collapse-scams/" target="_blank" rel="noopener">cryptocurrency launch</a>.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
<span data-contrast="auto">Employing reputable <a class="wpil_keyword_link" href="https://thecyberexpress.com/" title="security" data-wpil-keyword-link="linked" data-wpil-monitor-id="20972">security</a> software, keeping systems up to date, and staying informed about phishing and malware tactics are also crucial steps. By following these best practices, individuals can protect their personal information and avoid falling victim to cybercriminals seeking to exploit DeepSeek’s success.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335559738":240,"335559739":240}"> </span>
https://thecyberexpress.com/deepseeks-su...campaigns/