2 months ago
26
- Published on February 12, 2025
- In AI News
Attackers have created a fake website that looks very similar to DeepSeek’s official verification page.
Illustration by Raghavendra Rao
Cybercriminals have increasingly been exploiting the growing use of artificial intelligence (AI) with a new phishing scam that tricks users into downloading malware. Security researchers at CloudSEK have uncovered a sophisticated cyberattack called the ‘DeepSeek ClickFix scam’, which uses fake captcha pages and malware-infected downloads to steal login credentials.
How the Scam Works
Attackers have created a fake website (deepseekcaptcha[.]top) that looks very similar to DeepSeek’s official verification page.
As part of this scam, users are asked to complete a fraudulent captcha verification. When clicked, the verification runs a hidden PowerShell command. This command installs two dangerous malware programs – Vidar Stealer and Lumma Stealer – that steal login details, financial data, and session tokens.
The stolen data can be used to hack accounts, including those on platforms like Steam and Telegram. To avoid detection, cybercriminals have used Cloudflare hosting, making it difficult for security systems to track and block the malicious site.
Cybersecurity Experts Warn AI Users to Stay Vigilant
According to CloudSEK’s threat intelligence lead, Sparsh Kulshrestha, this attack highlights how hackers are adapting to new technologies.
“The DeepSeek ClickFix scam is a stark reminder of how cybercriminals continuously adapt to exploit emerging technologies. AI users must be extra vigilant when engaging with online verification requests,” he warned.
Cybersecurity experts warn that AI-related scams are becoming more sophisticated, making them harder to detect using traditional security tools.
How to Protect Yourself
CloudSEK recommends several precautionary measures to prevent phishing scams. Users should always verify website URLs before entering credentials to ensure they are on a legitimate platform.
Users must also be cautious of captcha requests, as AI platforms do not repeatedly require verification. Unexpected prompts should be treated with suspicion.
Enabling multi-factor authentication (MFA) adds an extra layer of security, which prevents hackers from accessing accounts even if credentials are stolen. Organisations should also implement anti-phishing protection, such as email filters and domain monitoring tools, to detect phishing scams early.
Lastly, keeping devices and security software updated helps protect against new and evolving threats.
Shalini Mondal
Shalini is a senior tech journalist, exploring the latest advancements in AI. When she's not reporting on the latest innovations, you can find her immersed in her next literary adventure.
Association of Data Scientists
GenAI Corporate Training Programs
India's Biggest Women in Tech Summit
Mar 20 and 21, 2025 | 📍 J N Tata Auditorium, Bengaluru
Download the easiest way to
stay informed
Subscribe to The Belamy: Our Weekly Newsletter
Biggest AI stories, delivered to your inbox every week.
Rising 2025 | DE&I in Tech & AI
Mar 20 and 21, 2025 | 📍 J N Tata Auditorium, Bengaluru
AI Startups Conference.
April 25, 2025 | 📍 Hotel Radisson Blue, Bangalore, India
Data Engineering Summit 2025
15-16 May, 2025 | 📍 Taj Yeshwantpur, Bengaluru, India
MachineCon GCC Summit 2025
19-20th June 2025 | 📍 ITC Grand, Goa
17-19 September, 2025 | 📍KTPO, Whitefield, Bangalore, India
India's Biggest Developers Summit Nimhans Convention Center, Bangalore
Our Discord Community for AI Ecosystem.
