DeepSeek users targeted with fake sponsored Google ads that deliver malware

DeepSeek users targeted with fake sponsored Google ads that deliver malware

The threat intel research used in this post was provided by Malwarebytes Senior Director of Research, Jérôme Segura.

DeepSeek’s rising popularity has not only raised concerns and questions about privacy implications, but cybercriminals are also using it as a lure to trap unsuspecting Google searchers.

Unfortunately, we are getting so used to sponsored Google search results being abused by criminals that we advise people not to click on them. So, it was to be expected that DeepSeek would show up in our monitoring of fake Google ads.

Here’s the fake ad:

DeepSeek users targeted with fake sponsored Google ads that deliver malware 5

If you put it side by side with the real DeepSeek ads, the difference is relatively easy to spot:

actual DeepSeek search result
DeepSeek users targeted with fake sponsored Google ads that deliver malware 6

But as an unsuspecting searcher, you aren’t likely to make that comparison, and as you may know from previous posts about fake Google sponsored ads, the criminals behind these campaigns can be a lot more convincing.

In this case, they certainly put a lot more effort into creating the fake website which the advertisement linked to:

fake DeepSeek website
DeepSeek users targeted with fake sponsored Google ads that deliver malware 7

It’s different from the real website, but it looks convincing, nonetheless.

Should you happen to click the download button, you will receive a Trojan programmed in Microsoft Intermediate Language (MSIL), which the Artificial Intelligence (AI) module in Malwarebytes/ThreatDown products detects as Malware.AI.1323738514.

How to avoid these traps

As we mentioned earlier, Google has demonstrated that it can’t keep fake ads out of its sponsored search results. And apparently the success rate of these fake ads is high enough to allow the criminals to pay Google enough to outrank legitimate brands.

So, our first tip is not to click on sponsored search results. Ever.

The second tip is to look at the advertiser by clicking the three dots behind the URL in the search result and look whether he advertiser listed is the legitimate owner of the brand or not.

Here is one example of another DeepSeek impersonator we found. The advertiser’s name is not in Chinese characters by the way. The language in which the advertiser’s name is written is Hebrew: תמיר כץ.

look at the advertiser
DeepSeek users targeted with fake sponsored Google ads that deliver malware 8

If you don’t want to see sponsored ads at all then it’s worth considering installing an ad-blocker that will make sure you go straight to the regular search results.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.



Source link

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.