A sophisticated Android banking trojan known as OctoV2 has been discovered masquerading as the legitimate DeepSeek AI application. DeepSeek, an advanced artificial intelligence chatbot developed by a Chinese startup based in Hangzhou, released its first application for iOS and Android platforms in January 2025.

The malware campaign uses a deceptive phishing website that closely mimics the official DeepSeek platform, tricking users into downloading a malicious application that steals login credentials and sensitive information. K7 Security Labs researchers detected this threat after observing a suspicious Twitter post about a fake DeepSeek Android application. Their analysis revealed that the malware is being distributed through a phishing link, hxxps://deepsekk[.]sbs, which downloads a malicious APK file to the victim’s device.

Once installed, the malicious application displays an icon identical to the legitimate DeepSeek app, making it difficult for users to identify the threat. When launched, the malware presents an update screen prompting users to enable the “Allow from this source” option and install an additional component.

Technical analysis shows the primary package “com.hello.world” acting as a parent app, which then installs a secondary “com.vgsupervision_kit29” package as the child app. The parent app extracts a hidden “.cat” file from its assets folder and copies it to the device as “Verify.apk” before installing it as the child package. The infection process results in two instances of the DeepSeek malware being installed on the device, each with a different package name. After installation, the child application persistently requests Accessibility Service permissions, giving the malware extensive control over the device.

Users are advised to download applications only from official sources like Google Play, keep their devices updated with the latest security patches, and use reputable security solutions to detect and prevent such threats.
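The dropper step described above, a second package stored under the assets folder with a non-APK extension, can be checked for statically during APK triage. The following Python sketch is an added example, not code from K7 Security Labs or the original article; it assumes the nested payload is stored as a plain, unencrypted APK, and the file name payload.cat and both sample archives are constructed for the demonstration.

```python
import io
import zipfile


def find_embedded_apks(apk_bytes):
    """Return assets/ entries of an APK whose content is itself an APK-like ZIP."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as outer:
        for info in outer.infolist():
            if info.is_dir() or not info.filename.startswith("assets/"):
                continue
            try:
                data = outer.read(info)
                if not zipfile.is_zipfile(io.BytesIO(data)):
                    continue
                with zipfile.ZipFile(io.BytesIO(data)) as inner:
                    names = set(inner.namelist())
            except (RuntimeError, zipfile.BadZipFile):
                continue  # encrypted or corrupt entry: needs manual review
            if "AndroidManifest.xml" in names:
                hits.append({
                    "path": info.filename,
                    # An APK hidden behind another extension (e.g. ".cat") is the red flag
                    "disguised": not info.filename.lower().endswith(".apk"),
                    "has_dex": any(n.endswith(".dex") for n in names),
                })
    return hits


def build_sample(with_payload=True):
    """Constructed, inert sample: a stand-in parent APK, optionally with a nested child."""
    child = io.BytesIO()
    with zipfile.ZipFile(child, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed placeholder")
        z.writestr("classes.dex", b"constructed placeholder")
    parent = io.BytesIO()
    with zipfile.ZipFile(parent, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed placeholder")
        z.writestr("classes.dex", b"constructed placeholder")
        z.writestr("assets/readme.txt", b"plain text asset")
        if with_payload:
            z.writestr("assets/payload.cat", child.getvalue())  # constructed name
    return parent.getvalue()


if __name__ == "__main__":
    for hit in find_embedded_apks(build_sample()):
        print(hit)
```

A hit with `disguised` set is a reason to analyse the nested package separately; an encrypted or otherwise transformed payload will not match this check.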
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 17 Mar 2025 10:00:09 +0000