DeepSeek, a Chinese AI company, has quickly gained popularity with its chatbot app, leading to an increase in cybercriminal activities targeting its users through phishing and fraudulent schemes.
Affected: abs-register[.]com, deep-whitelist[.]com, deepseek-ai[.]cloud, deepseek[.]boats, deepseek-shares[.]com, deepseek-aiassistant[.]com, usadeepseek[.]com
Key points:
- DeepSeek launched its first free chatbot app in January 2025, becoming the most downloaded app on the iOS App Store.
- Cybercriminals are exploiting DeepSeek’s popularity through phishing campaigns and fake investment scams.
- Multiple suspicious websites impersonating DeepSeek have been identified, linked to crypto phishing schemes.
- Fraudulent websites promote fake DeepSeek tokens and investment opportunities, leading to financial losses for victims.
- DeepSeek has not launched any official cryptocurrency or IPO, making such claims fraudulent.
- Users are advised to verify sources and avoid interactions with suspicious websites.
MITRE Techniques:
- Phishing (T1566) – Cybercriminals create fraudulent websites mimicking DeepSeek to lure users into compromising their crypto wallets.
- Credential Dumping (T1003) – Users are tricked into providing Personally Identifiable Information (PII) through fake investment platforms.
- Malware (T1203) – Malicious software like AMOS Stealer is distributed through websites claiming to offer DeepSeek app downloads.
Indicators of Compromise:
- [URL] hxxp://abs-register[.]com/
- [URL] hxxps://deep-whitelist[.]com/
- [URL] hxxps://deepseek-ai[.]cloud/
- [Domain] deepseek-aiassistant[.]com
- [Domain] deepseek-shares[.]com
- Check the article for all found IoCs.
Full Research: https://cyble.com/blog/deepseeks-growing-influence-sparks-a-surge-in-frauds-and-phishing-attacks/
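
A detection sketch for the indicators listed above, added here as an example and not taken from the Cyble research: it parses the defanged `[URL]`/`[Domain]` lines in this page's format, refangs them, and matches DNS query names against them (exact host or subdomain). The log layout (timestamp, client IP, queried name), the sample log lines and all function names are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# IoC lines copied from this page, kept in its defanged "[Type] value" format.
PAGE_IOCS = """\
[URL] hxxp://abs-register[.]com/
[URL] hxxps://deep-whitelist[.]com/
[URL] hxxps://deepseek-ai[.]cloud/
[Domain] deepseek-aiassistant[.]com
[Domain] deepseek-shares[.]com
"""

def refang(value):
    """Undo the defanging used on this page: hxxp -> http, [.] -> ."""
    return re.sub(r"^hxxp", "http", value.strip(), flags=re.I).replace("[.]", ".")

def load_blocklist(text):
    """Return the set of lowercase hostnames named by the IoC lines."""
    hosts = set()
    for m in re.finditer(r"^\[(URL|Domain)\]\s+(\S+)", text, flags=re.M):
        value = refang(m.group(2))
        host = urlsplit(value).hostname if m.group(1) == "URL" else value
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def matches(host, blocklist):
    """True if host equals a listed domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare on label boundaries so "notdeepseek-ai.cloud" does not match.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def scan(log_lines, blocklist):
    """Yield (client, queried_name) for each log line that hits the blocklist."""
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 3 and matches(fields[2], blocklist):
            yield fields[1], fields[2]

# Constructed DNS query log (timestamp, client IP, queried name); not real data.
SAMPLE_LOG = [
    "2025-02-03T09:14:02Z 10.0.4.17 www.deepseek-shares.com.",
    "2025-02-03T09:14:05Z 10.0.4.22 www.example.org",
    "2025-02-03T09:15:40Z 10.0.7.3 DEEP-WHITELIST.COM",
    "2025-02-03T09:16:11Z 10.0.7.3 notdeepseek-ai.cloud",
]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG, load_blocklist(PAGE_IOCS))))
```

The blocklist covers only the five indicators reproduced on this page; the full set is in the linked research.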