The growing popularity of large language models (LLMs) has given rise to new and highly targeted malware campaigns. A recent investigation by Kaspersky Labs reveals a dangerous trend: cybercriminals are now exploiting the name recognition of the DeepSeek-R1 chatbot model to distribute a stealthy new implant known as BrowserVenom.
"Threat actors have begun using malvertising to exploit the demand for chatbots," warns Kaspersky. "The attacks ultimately aim to install BrowserVenom, an implant that reconfigures all browsing instances to force traffic through a proxy controlled by the threat actors."
The infection chain starts with a phishing site disguised as the legitimate DeepSeek platform, hosted at deepseek-platform[.]com. This malicious website is deceptively promoted via Google Ads, appearing as the top result for searches like "DeepSeek R1."
triggering a scripted sequence of decoy CAPTCHAs and download prompts. The final payload is a fake installer named AI_Launcher_1.21.exe, disguised to look like it launches the DeepSeek LLM environment.
"Clicking [the 'Download now' button] results in downloading the malicious installer," the report explains. "We discovered comments in Russian related to the websites' functionality, which suggests that they are developed by Russian-speaking threat actors."
Once executed, the installer activates a function (MLInstaller.Runner.Run()) that kicks off a multi-stage infection process:
Bypassing Windows Defender: A hardcoded AES-encrypted buffer is decrypted to reveal a PowerShell command that attempts to exclude the user's folder from antivirus scanning.
Downloader Component: Another PowerShell script generates domain names using a simple DGA and attempts to download additional payloads, saving them as 1.exe in the user's Music folder.
Memory-Loaded Implant: The second-stage malware is decrypted and run directly in memory. This is the BrowserVenom implant.
"We dubbed the next-stage implant BrowserVenom because it reconfigures all browsing instances to force traffic through a proxy controlled by the threat actors," Kaspersky says.
BrowserVenom installs a malicious root certificate and rewrites the proxy settings for both Chromium-based (Chrome, Edge) and Gecko-based (Firefox, Tor) browsers. It even appends tracking data, such as a hardcoded ID and a randomly generated hardware identifier, to the browser's user agent string.
The proxy infrastructure used by BrowserVenom is centralized around:
IP Address: 141.105.130[.]106
Port: 37121
Kaspersky's telemetry shows that the infection campaign has spread to users in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt, signaling a global reach with geographically diverse victims.
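As an added example (not code from Kaspersky's report), the following PowerShell triage script checks a Windows host for the indicators described above: the Defender exclusion on the user's folder, the 1.exe dropper in the Music folder, proxy settings pointing at the reported IP and port, and a recently added root certificate. It assumes, because the report does not say, that the Chromium-side proxy change is applied through the WinINET registry settings, that the Firefox-side change lands in the profile's prefs.js or user.js, and that the root certificate is installed in a Windows certificate store; the 30-day window is an arbitrary triage threshold.

```powershell
# Added triage script: looks for the BrowserVenom indicators reported by Kaspersky.
# Assumptions (not stated in the report): Chromium browsers inherit the WinINET proxy
# from the registry; Firefox proxy prefs are stored in prefs.js/user.js; the root CA is
# placed in a Windows cert store. Run in an elevated PowerShell session.
$ProxyHost = '141.105.130.106'   # reported proxy IP (defanged in the article as 141.105.130[.]106)
$ProxyPort = 37121               # reported proxy port
$Findings  = @()

# 1. Stage one tries to exclude the user's folder from Defender scanning.
foreach ($p in (Get-MpPreference).ExclusionPath) {
    if ($p -and $env:USERPROFILE -like "$p*") {
        $Findings += "Defender exclusion covers the user profile: $p"
    }
}

# 2. Downloader stage saves its payload as 1.exe in the user's Music folder.
$dropper = Join-Path ([Environment]::GetFolderPath('MyMusic')) '1.exe'
if (Test-Path $dropper) { $Findings += "Downloader artefact present: $dropper" }

# 3. System (WinINET) proxy, which Chromium-based browsers use by default (assumption).
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer -like "*${ProxyHost}:$ProxyPort*") {
    $Findings += "System proxy points at the reported C2 proxy: $($inet.ProxyServer)"
}

# 4. Firefox profile prefs referencing the proxy host (assumed storage location).
$prefFiles = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js",
                           "$env:APPDATA\Mozilla\Firefox\Profiles\*\user.js" -ErrorAction SilentlyContinue
foreach ($f in $prefFiles) {
    if (Select-String -Path $f.FullName -Pattern ([regex]::Escape($ProxyHost)) -Quiet) {
        $Findings += "Firefox proxy pref references the C2 proxy: $($f.FullName)"
    }
}

# 5. Root certificates added recently to either Root store (the implant installs its own CA).
Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.NotBefore -gt (Get-Date).AddDays(-30) } |
    ForEach-Object { $Findings += "Recently issued root CA: $($_.Subject) [$($_.Thumbprint)]" }

if ($Findings.Count -eq 0) { 'No BrowserVenom indicators found.' } else { $Findings }
```

Any hit on checks 2 to 4 warrants isolating the host and resetting browser and system proxy settings; a hit on check 5 alone needs manual review, since legitimate enterprise CAs also appear there.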
The abuse of Google Ads as a delivery mechanism adds a dangerous layer of credibility to the attack. This technique enables the attackers to leapfrog traditional trust barriers and plant malware in usersβ systems with just a few clicks.
"DeepSeek has been the perfect lure for attackers to attract new victims," concludes Kaspersky. "This, combined with the use of Google Ads to reach more victims and look more plausible, makes such campaigns even more effective."