A wave of fraudulent websites impersonating Chinese AI company DeepSeek has emerged, targeting unsuspecting users' sensitive data and cryptocurrency assets. The surge follows DeepSeek's recent release of a low-cost AI model that gained global attention.
Security researchers at Memcyco have identified at least 16 active phishing sites masquerading as DeepSeek. The fake domains appear to be part of a coordinated attack campaign, with threat actors displaying sophisticated tactics to evade detection and takedown attempts.
"We observed clusters of fake domains registered in waves, dynamically adjusting their content based on DeepSeek's market positioning," said Israel Mazin, CEO of Memcyco. The attackers showed remarkable adaptability by rapidly shifting their infrastructure to new locations when faced with shutdown attempts.
The phishing sites pose multiple risks, including identity theft, financial fraud, and malware infection. Some sites intercept login credentials in real time for account takeovers, while others distribute malware that enables remote access to users' devices.
Cybersecurity firm Cyble reported discovering DeepSeek lookalike domains linked to cryptocurrency scams. One site attempted to trick visitors into scanning a QR code that would grant attackers access to their crypto wallets. Another promoted a fictitious "DeepSeekAI Agent" crypto token.
Beyond website impersonation, threat actors have published malicious packages named "deepseekai" and "deepseeek" to the Python Package Index (PyPI). These packages targeted developers looking to integrate DeepSeek functionality, creating a pathway for data theft.
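For teams that want to check their own dependency lists for these names, the following is an added example, not code from Memcyco, Cyble or DeepSeek. It blocks the two package names reported above and flags near-miss spellings of the brand for manual review. The edit-distance threshold, the sample requirements and the approved name `vetted-deepseek-client` are assumptions made for illustration.

```python
import re

# Package names the article reports as malicious PyPI uploads.
REPORTED = {"deepseekai", "deepseeek"}
BRAND = "deepseek"  # brand string being impersonated
# Constructed requirements.txt body; "vetted-deepseek-client" is hypothetical.
SAMPLE = """\
requests==2.31.0
deepseeek>=0.1
Deep_Seek.AI
deepsek  # near-miss spelling
-r extra.txt
vetted-deepseek-client==1.0
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name, approved=frozenset()):
    """Return 'block', 'review' or 'ok' for one requirement name."""
    norm = re.sub(r"[-_.]+", "-", name).lower()  # PyPI name normalisation
    compact = norm.replace("-", "")              # separators do not hide a lookalike
    if compact in REPORTED:
        return "block"
    if norm in approved:
        return "ok"
    # Brand embedded in a longer name, or within two edits of it (assumed threshold).
    if BRAND in compact or edit_distance(compact, BRAND) <= 2:
        return "review"
    return "ok"

def audit(requirements_text, approved=frozenset()):
    """Map each flagged requirement name to its verdict."""
    findings = {}
    for line in requirements_text.splitlines():
        # Drop comments; option lines (-r, --index-url) do not match the name pattern.
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line.split("#", 1)[0].strip())
        verdict = classify(m.group(0), approved) if m else "ok"
        if verdict != "ok":
            findings[m.group(0)] = verdict
    return findings

FINDINGS = audit(SAMPLE, approved={"vetted-deepseek-client"})
```

A "review" verdict only means a human should confirm the package's publisher before install; names the team has vetted go in `approved` using their normalised form.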
Many of the fraudulent sites appear connected to phishing-as-a-service operations that provide impersonation tools to cybercriminals. Users are advised to watch for suspicious URLs with misspellings and unprofessional design elements when accessing new, popular services.
The DeepSeek-related attacks highlight how cybercriminals rapidly exploit major tech announcements to target curious users. Security experts recommend organizations implement robust scam detection systems and digital impersonation protection to safeguard their users.