DeepSeek Impersonation Ads Infect Users with Malware

Fake DeepSeek Ads Trick Users into a Trap

Cybercriminals are using fake ads on Google to trick people into downloading dangerous malware. This time, they are targeting DeepSeek, a popular AI platform. DeepSeek became well-known this year after launching its first AI models, DeepSeek-R1-Zero and DeepSeek-R1. These models impressed many with their reasoning skills, making DeepSeek a famous name in the AI world.

DeepSeek’s popularity has made it a target for hackers. Criminals are now creating fake ads that show up in Google’s search results. When users click these ads, they are sent to a malicious website. The site looks like DeepSeek’s official page, but it is fake. It has a download link that installs a Trojan instead of the real AI tool.

How the Malware Works

When a user clicks the download button, the site delivers a Trojan. It is hidden inside a Microsoft Intermediate Language (MSIL) file, that is, a compiled .NET binary. This Trojan is called Heracles. It is an info-stealer that mainly targets cryptocurrency wallets.

Once the malware infects a device, it can steal sensitive information. This includes login details and financial data. It can also access crypto wallets and drain funds. The malware may take over online accounts, putting victims at risk of identity theft and fraud.

Malwarebytes researchers found that the Heracles Trojan comes from Russia. It is part of a larger trend. Cybercriminals are using fake ads on Google to spread malicious software. They often pretend to be well-known brands.

How to Spot Fake Ads and Stay Safe

Experts warn that fake ads can look real. However, there are clues to spot them. Suspicious URLs are one sign. Fake ads use web links that look slightly different from the real DeepSeek site. For example, instead of deepseek.com, the fake ad may lead to a similar but fake website.
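The URL check described above can also be done programmatically on an ad's landing link. The following Python example is added here and is not code from the article or from Malwarebytes; it assumes deepseek.com (the domain named above) is the only official domain, and every sample URL in it is constructed using the reserved .example TLD.

```python
from urllib.parse import urlsplit

OFFICIAL = "deepseek.com"  # official domain as named in the article (assumed to be the only one)
BRAND = "deepseek"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Classify an ad landing URL relative to the official domain."""
    parts = urlsplit(url)
    if parts.username:
        # "https://deepseek.com@other.example/" really points at other.example
        return "suspicious: userinfo before host"
    host = (parts.hostname or "").lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        # Internationalized label: may render as look-alike characters
        return "suspicious: punycode label"
    if BRAND in host.replace("-", "").replace(".", ""):
        return "suspicious: brand name on non-official domain"
    if any(0 < edit_distance(label, BRAND) <= 2 for label in labels):
        return "suspicious: near-miss spelling"
    return "unrelated"

# Constructed sample landing URLs (not taken from the campaign)
SAMPLES = [
    "https://www.deepseek.com/download",
    "https://deepseek.com.downloads.example/setup",
    "https://deepseek-ai.example/",
    "https://deepsek.example/",
    "https://deepseek.com@downloads.example/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):48} {u}")
```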

Fake advertisers are another sign. On Google search results, users can click the three vertical dots next to the ad URL to check the advertiser’s information. If it’s not DeepSeek’s official advertiser account, it’s likely fake.

Security experts strongly advise against clicking on sponsored search results altogether. While most ads are legitimate, cybercriminals have found ways to bypass Google’s security measures and display malicious ads.

Google’s Security Struggles

Google has been fighting fake ads for years. However, the problem continues. Malwarebytes researchers say Google cannot fully stop fake ads. As a result, cybercriminals keep making malicious ads. These fake ads often rank higher than real brands in search results.

In Google’s 2023 Ads Safety Report, the company claimed it had blocked over 5.5 billion ads and suspended 12.7 million advertiser accounts for violating policies. However, despite these efforts, cybercriminals continue to find loopholes, often using fake or compromised advertiser accounts.

In response to this latest incident, Google confirmed that they had detected the malware campaign before it was publicly reported. The company said it removed the fraudulent ads and suspended the advertiser’s account. However, this incident is a reminder that malicious actors are constantly adapting and exploiting online platforms.

Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.
