DeepSeek installer or just malware in disguise? Click around and find out

Suspected cybercriminals have created a fake installer for Chinese AI model DeepSeek-R1 and loaded it with previously unknown malware called "BrowserVenom".

The malware’s name reflects its ability to redirect all traffic from browsers through an attacker-controlled server.

This enables the crooks to steal data, monitor browsing activity, and potentially expose plaintext traffic. Credentials for websites, session cookies, financial account info, plus sensitive emails and documents are therefore all at risk – just the sort of info scammers seek so they can commit digital fraud and/or sell to other miscreants.

To date, the malware has infected "multiple" computers across Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt. Kaspersky, which spotted a phishing campaign that spreads the malware by sending victims to a fake website that resembles the real DeepSeek homepage, said it continues to "pose a global threat.”

While the malware used in this campaign is new, the tactic ...