DeepSeek’s rise fuels more fraud and phishing attacks

DeepSeek, a fast-growing Chinese AI company, has shaken up the industry and caught cybercriminals’ attention.

After its AI Assistant app became the top free iOS app in January 2025, surpassing ChatGPT, scammers used its popularity for phishing, scams, and malware.

Fraudsters also created fake DeepSeek websites to target cryptocurrency users.

Fake sites like abs-register[.]com and deep-whitelist[.]com trick users into linking their crypto wallets. Scanning a QR code on these sites can compromise wallets, risking fund loss.

Cyble analysts found that phishing sites often mimic trusted wallet services like MetaMask and WalletConnect, making them more convincing.

Technical Details:

  • Targeted Wallets: MetaMask, WalletConnect
  • Attack Method: QR code phishing
  • Example URLs:
    • hxxp://abs-register[.]com
    • hxxps://deep-whitelist[.]com

Rise in Frauds & Phishing
Another common scam promotes fake crypto tokens called “DeepSeekAI Agent.”

Fraudulent Activity & Security Risks

Scammers offer fake “DeepSeekAI Agent” tokens but prevent withdrawals or trades. The token address 0x27238b76965387f5628496d1e4d2722b663d2698 is blacklisted as a honeypot.

Sites like deepseek-shares[.]com falsely advertise pre-IPO shares to deceive investors. DeepSeek has no IPO, and these scams aim to steal personal data.

Cybercriminals also use DeepSeek’s name to distribute malware, including AMOS Stealer, which steals data and credentials and executes remote commands.

Malware Indicators:

  • File names: Variants starting with “DeepSeek”
  • SHA256 Hashes:
    • e596da76aaf7122176eb6dac73057de4417b7c24378e00b10c468d7875a6e69e
    • a3d06ffcb336cba72ae32e4d0ac5656400decfaf40dc28862de9289254a47698
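A defender can turn the indicators listed on this page into a quick sweep of proxy logs and file-hash inventories. The sketch below is an added example, not code from the original article or from Cyble; the log layout (timestamp, client, URL, status), the client addresses and the function names are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from this page, kept defanged in source.
DEFANGED_DOMAINS = ["abs-register[.]com", "deep-whitelist[.]com", "deepseek-shares[.]com"]
SHA256_IOCS = {
    "e596da76aaf7122176eb6dac73057de4417b7c24378e00b10c468d7875a6e69e",
    "a3d06ffcb336cba72ae32e4d0ac5656400decfaf40dc28862de9289254a47698",
}

def refang(indicator):
    """Convert hxxp:// and [.] notation back into a matchable form."""
    return re.sub(r"^hxxp", "http", indicator.strip(), flags=re.I).replace("[.]", ".").lower()

BAD_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}

def host_is_listed(url):
    """True if the URL's host is a listed domain or a subdomain of one."""
    try:
        host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:  # malformed URL in the log
        return False
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def scan_proxy_log(lines):
    """Return (client, url) for each line whose URL hits a listed domain."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 3 and host_is_listed(fields[2]):
            hits.append((fields[1], fields[2]))
    return hits

def triage_file(name, sha256_hex):
    """Hash match is decisive; a 'DeepSeek*' name alone only merits review."""
    if sha256_hex.lower() in SHA256_IOCS:
        return "known-bad"
    return "review" if name.lower().startswith("deepseek") else "no-match"

# Constructed sample log (assumed layout: timestamp client url status).
SAMPLE_LOG = [
    "2025-01-31T10:02:11Z 10.0.0.21 " + refang("hxxps://deep-whitelist[.]com") + "/connect 200",
    "2025-01-31T10:02:15Z 10.0.0.22 " + refang("hxxp://wallet.abs-register[.]com") + ":8080/qr 200",
    "2025-01-31T10:03:40Z 10.0.0.23 https://" + refang("abs-register[.]com") + ".example.net/ 200",
    "2025-01-31T10:04:02Z 10.0.0.24 https://example.org/ 200",
]

if __name__ == "__main__":
    for client, url in scan_proxy_log(SAMPLE_LOG):
        print("ALERT", client, url)
```

Matching on the parsed hostname rather than a substring keeps the third sample line, where a listed domain appears only as a prefix of an unrelated host, from raising a false alert.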

DeepSeek’s open-source language models are vulnerable to jailbreaking techniques like “Crescendo” and “Deceptive Delight,” generating harmful outputs such as phishing scripts and keyloggers.

DeepSeek also exposed over 1 million sensitive records, including API keys and chat logs, through an unsecured database.

Users should only trust official sources, avoid unverified QR codes, and use strong antivirus software to protect against threats.

By | 2025-02-01T02:25:29+05:30 January 31st, 2025|Internet Security, phishing, Security Advisory, Security Update, Tips|

About the Author:

FirstHackersNews- Identifies Security
