
Two options to install abused LLM frameworks | Image: Kaspersky
The growing popularity of large language models (LLMs) has given rise to new and highly targeted malware campaigns. A recent investigation by Kaspersky Labs reveals a dangerous trend: cybercriminals are now exploiting the name recognition of the DeepSeek-R1 chatbot model to distribute a stealthy new implant known as BrowserVenom.
“Threat actors have begun using malvertising to exploit the demand for chatbots,” warns Kaspersky. “The attacks ultimately aim to install BrowserVenom, an implant that reconfigures all browsing instances to force traffic through a proxy controlled by the threat actors.”
The infection chain starts with a phishing site disguised as the legitimate DeepSeek platform, hosted at deepseek-platform[.]com. This malicious website is deceptively promoted via Google Ads, appearing as the top result for searches like “DeepSeek R1.”
Once on the site, the user is prompted to click a fake “Try now” button, triggering a scripted sequence of decoy CAPTCHAs and download prompts. The final payload is a fake installer named AI_Launcher_1.21.exe, disguised to look like it launches the DeepSeek LLM environment.
“Clicking [the ‘Download now’ button] results in downloading the malicious installer,” the report explains. “We discovered comments in Russian related to the websites’ functionality, which suggests that they are developed by Russian-speaking threat actors.”
Once executed, the installer activates a function (MLInstaller.Runner.Run()) that kicks off a multi-stage infection process:
- Bypassing Windows Defender: A hardcoded AES-encrypted buffer is decrypted to reveal a PowerShell command that attempts to exclude the user’s folder from antivirus scanning.
- Downloader Component: Another PowerShell script generates domain names using a simple domain generation algorithm (DGA) and attempts to download additional payloads, saving them as 1.exe in the user’s Music folder.
- Memory-Loaded Implant: The second-stage malware is decrypted and run directly in memory. This is the BrowserVenom implant.
“We dubbed the next-stage implant BrowserVenom because it reconfigures all browsing instances to force traffic through a proxy controlled by the threat actors,” Kaspersky says.
BrowserVenom installs a malicious root certificate and rewrites the proxy settings for both Chromium-based (Chrome, Edge) and Gecko-based (Firefox, Tor) browsers. It even appends tracking data—like a hardcoded ID and a randomly generated hardware identifier—to the browser’s user agent string.
The proxy infrastructure used by BrowserVenom is centralized around:
- IP Address: 141.105.130[.]106
- Port: 37121
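As an added defender-side example (not code from the Kaspersky report or this article), the script below checks the two places a browser proxy hijack of this kind would normally surface on Windows: Firefox/Tor `network.proxy.*` and `general.useragent.override` prefs in `prefs.js`/`user.js`, and the WinINET `ProxyEnable`/`ProxyServer` values that Chromium browsers follow, matching them against the proxy endpoint quoted above. The sample prefs content is constructed, and that BrowserVenom writes to exactly these locations is an assumption; the article does not state the mechanism.

```python
"""Constructed check for BrowserVenom-style browser proxy hijacking on Windows."""
import re

# Proxy endpoint reported by Kaspersky for this campaign (defanged in the article).
IOC_HOST, IOC_PORT = "141.105.130.106", 37121

# Gecko browsers persist settings as user_pref("name", value); lines in prefs.js / user.js.
# Assumption: the implant writes a standard manual-proxy pref block (mechanism not in the article).
PREF_RE = re.compile(
    r'user_pref\("(network\.proxy\.\w+|general\.useragent\.override)",\s*(.+?)\);')

# Constructed prefs.js fragment resembling a hijacked Firefox profile (not a real sample).
SAMPLE_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "141.105.130.106");
user_pref("network.proxy.http_port", 37121);
user_pref("network.proxy.ssl", "141.105.130.106");
user_pref("network.proxy.ssl_port", 37121);
user_pref("general.useragent.override", "Mozilla/5.0 (constructed) HWID-EXAMPLE");
'''

def parse_gecko_prefs(text):
    """Return {pref: value} for the proxy and user-agent prefs found in a prefs file."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        raw = raw.strip()
        prefs[name] = int(raw) if raw.isdigit() else raw.strip('"')
    return prefs

def gecko_findings(prefs):
    """Flag manual proxy config pointing at the IoC, plus any hardcoded user-agent override."""
    hits = []
    if prefs.get("network.proxy.type") == 1:  # 1 = manual proxy configuration in Firefox
        for scheme in ("http", "ssl", "socks"):
            if (prefs.get(f"network.proxy.{scheme}") == IOC_HOST
                    and prefs.get(f"network.proxy.{scheme}_port") == IOC_PORT):
                hits.append(f"gecko {scheme} proxy -> {IOC_HOST}:{IOC_PORT}")
    if prefs.get("general.useragent.override"):
        hits.append(f"gecko user-agent override set: {prefs['general.useragent.override']}")
    return hits

def wininet_findings(proxy_enable, proxy_server):
    """Chromium on Windows follows the WinINET proxy: HKCU\\...\\Internet Settings ProxyServer."""
    hits = []
    if proxy_enable == 1 and proxy_server:
        for entry in proxy_server.split(";"):  # "host:port" or "http=host:port;https=host:port"
            if entry.split("=")[-1] == f"{IOC_HOST}:{IOC_PORT}":
                hits.append(f"wininet proxy -> {IOC_HOST}:{IOC_PORT}")
    return hits

if __name__ == "__main__":
    for hit in gecko_findings(parse_gecko_prefs(SAMPLE_PREFS)) + wininet_findings(1, "141.105.130.106:37121"):
        print("FINDING:", hit)
```

On a live host, read the real `prefs.js` for each Firefox profile and the WinINET registry values (`winreg` module) in place of the constructed inputs; a hit on the user-agent override alone is only a lead, since some legitimate add-ons set that pref too.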
Kaspersky’s telemetry shows that the infection campaign has spread to users in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt—signaling a global reach with geographically diverse victims.
The abuse of Google Ads as a delivery mechanism adds a dangerous layer of credibility to the attack. This technique enables the attackers to leapfrog traditional trust barriers and plant malware in users’ systems with just a few clicks.
“DeepSeek has been the perfect lure for attackers to attract new victims,” concludes Kaspersky. “This, combined with the use of Google Ads to reach more victims and look more plausible, makes such campaigns even more effective.”