Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware

The attack uses convincingly crafted fake advertisements that appear at the top of Google search results, mimicking legitimate DeepSeek ads but redirecting victims to malicious websites designed to distribute malware. Cybercriminals have launched a sophisticated attack campaign leveraging Google’s sponsored search results to target users searching for DeepSeek, the increasingly popular AI platform. Security experts recommend avoiding clicking on sponsored search results altogether and considering ad-blockers to prevent exposure to these increasingly sophisticated malvertising campaigns that blend technical exploitation with social engineering tactics. The attack begins when users search for DeepSeek on Google and encounter sponsored results that appear authentic at first glance. The researchers noted that the campaign’s success rate appears high enough that attackers can afford to outbid legitimate brands for sponsored placement in Google’s search results, indicating a potentially lucrative operation. Another similar campaign identified by researchers used “deepseakr.com” with advertisements published under Hebrew-language publisher names, suggesting multiple attack vectors or potential geographic targeting. The fake website “deepseek-ai-soft.com” implements design elements that closely mimic legitimate AI platforms, complete with convincing copy promising “DeepSeek-R1” availability “on web, app, and API” and marketing phrases like “Better than ChatGPT” to entice downloads. These imposter sites feature download buttons that, when clicked, deliver a Trojan programmed in Microsoft Intermediate Language (MSIL), demonstrating the attackers’ technical sophistication in creating cross-platform threats that could potentially target macOS users. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This campaign represents a growing trend of threat actors exploiting trusted digital advertising platforms to deliver malicious payloads to unsuspecting users. The malicious ads direct users to carefully constructed fake websites that closely resemble the official DeepSeek platform. Malwarebytes researchers identified the malware delivered through these fake ads as “Malware.AI.1323738514” through their Artificial Intelligence detection module.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 28 Mar 2025 08:10:19 +0000