
New BrowserVenom malware spread via DeepSeek spoofing


Computers across Mexico, Brazil, Cuba, India, Nepal, Egypt, and South Africa have been compromised with the novel BrowserVenom malware in a phishing campaign impersonating the Chinese artificial intelligence model DeepSeek-R1, The Register reports.

According to a Kaspersky analysis, the attack begins when a victim searching Google for "deepseek r1" clicks a malicious ad for "https[:]//deepseek-platform[.]com" that was placed above the organic results. The site's "Try now" button first requires the visitor to solve a CAPTCHA, then redirects to a page that serves the malicious installer. Running that installer opens a second window spoofing a Cloudflare CAPTCHA, which in turn redirects the victim to download either Ollama or LM Studio to run DeepSeek locally; BrowserVenom is installed alongside. After confirming that the current user has administrative privileges, BrowserVenom installs a hardcoded certificate, which gives it persistence and the ability to intercept the victim's traffic, and configures every browser on the compromised system to use hardcoded proxy server addresses. Google has confirmed that it has removed the malicious ads promoting DeepSeek.
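The two footholds described above, an attacker-installed certificate and proxy addresses pushed into the system's browsers, are exactly what a responder should hunt for on a suspect Windows host. The script below is an added example, not code from Kaspersky, SC Media, or the malware itself: it lists root certificates that are absent from a baseline you exported from a clean build (the baseline path is an assumption), and then reports every place a proxy could have been pinned for browsers: the WinINET system proxy, Chromium policy keys, `--proxy-server=` flags on browser shortcuts, and `network.proxy.*` preferences in Firefox profiles. It does not contain indicators for this specific campaign, since the public write-ups do not give the certificate or proxy values.

```powershell
# Hunt for rogue root certificates and hardcoded browser proxies on a Windows host.
# Added example for this article; not from the Kaspersky or SC Media write-ups.
# ASSUMPTION: $BaselinePath holds one thumbprint per line, exported from a clean
# machine with: Get-ChildItem Cert:\LocalMachine\Root | Select -Expand Thumbprint
$BaselinePath = 'C:\Baselines\root-thumbprints.txt'

function Get-SuspiciousRootCerts {
    $known = @()
    if (Test-Path $BaselinePath) {
        $known = Get-Content $BaselinePath | ForEach-Object { $_.Trim().ToUpper() }
    }
    # Check both the machine store (needs admin to write, which the malware verifies
    # it has) and the per-user store, which a non-admin process can still poison.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem $store -ErrorAction SilentlyContinue |
            Where-Object { $known -notcontains $_.Thumbprint.ToUpper() } |
            Select-Object @{n='Store'; e={ $store }}, Subject, NotBefore, Thumbprint
    }
}

function Get-BrowserProxySettings {
    $findings = @()

    # 1. WinINET system proxy: used by Chrome and Edge unless a policy or flag overrides it.
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($inet.ProxyEnable -eq 1 -or $inet.AutoConfigURL) {
        $findings += [pscustomobject]@{ Source = 'WinINET'; Setting = "ProxyServer=$($inet.ProxyServer) AutoConfigURL=$($inet.AutoConfigURL)" }
    }

    # 2. Chromium policy keys that pin a proxy for Chrome or Edge.
    foreach ($pol in 'HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKLM:\SOFTWARE\Policies\Microsoft\Edge',
                     'HKCU:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Microsoft\Edge') {
        $p = Get-ItemProperty $pol -ErrorAction SilentlyContinue
        if ($p.ProxyServer -or $p.ProxySettings) {
            $findings += [pscustomobject]@{ Source = $pol; Setting = "ProxyServer=$($p.ProxyServer) ProxySettings=$($p.ProxySettings)" }
        }
    }

    # 3. Browser shortcuts whose arguments force a proxy via --proxy-server=.
    $shell = New-Object -ComObject WScript.Shell
    $lnkDirs = @("$env:USERPROFILE\Desktop", "$env:PUBLIC\Desktop",
                 "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
                 "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar")
    foreach ($dir in $lnkDirs) {
        Get-ChildItem $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.Arguments -match '--proxy-server=') {
                $findings += [pscustomobject]@{ Source = $_.FullName; Setting = $lnk.Arguments }
            }
        }
    }

    # 4. Firefox profiles with proxy preferences set in prefs.js or user.js.
    Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles" -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        foreach ($f in 'prefs.js', 'user.js') {
            $path = Join-Path $_.FullName $f
            if (Test-Path $path) {
                Select-String -Path $path -Pattern 'network\.proxy\.(type|http|ssl|socks|autoconfig_url)' |
                    ForEach-Object { $findings += [pscustomobject]@{ Source = $path; Setting = $_.Line.Trim() } }
            }
        }
    }
    $findings
}

'=== Root certificates not in baseline ==='
Get-SuspiciousRootCerts | Format-Table -AutoSize
'=== Proxy settings that could route browser traffic through an attacker-controlled host ==='
Get-BrowserProxySettings | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the machine store and the all-users Start Menu are readable. Treat every hit as a lead rather than a verdict: a corporate PAC file or a `network.proxy.type` of 0, 4, or 5 (no proxy, auto-detect, system) is normal, whereas a manual proxy pointing at an unfamiliar host, paired with a root certificate nobody can account for, is the combination the article describes. Without a baseline file the certificate check lists every root, so compare the output against a known-clean machine of the same build before acting on it.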
