Digital SecurityHow scammers are exploiting DeepSeek’s success==============================================As eager as ever to capitalize on the latest big thing, cybercriminals have wasted no time launching attacks that take advantage of the meteoric rise of DeepSeek’s AI model [](/en/our-experts/editor/ ‘Editor’) [**Editor**](/en/our-experts/editor/ ‘Editor’) [](/en/our-experts/maria-bocconi/ ‘María Bocconi’) [**María Bocconi**](/en/our-experts/maria-bocconi/ ‘María Bocconi’)31 Jan 2025 • , 4 min. read  It’s become almost a cliché to say that cybercriminals are remarkably quick to latch onto the latest trends and technologies and exploit them for their own nefarious gains. The buzz around DeepSeek and its state-of-the-art AI models is no exception. In fact, the past few days have provided a stark reminder that while the tech world is evolving at a breakneck speed, the tactics of online scammers often remain strikingly familiar.Since the R1 reasoning model of the little-known Chinese startup took the world by storm last week, security researchers have spotted a number of fraudulent attempts to capitalize on its meteoric rise to popularity. Alongside this, DeepSeek has faced intense scrutiny over its privacy and security practices, bringing to light several risks surrounding (not necessarily only DeepSeek’s) AI models.Here’s a rundown of how fraudsters use DeepSeek’s popularity as a lure for scams and malware, as well as a short recap of some of the key privacy and security issues that have also thrown the spotlight on the company in the past few days.Scams and malware—————–One example comes from a [](
user on X who posted some details about a website that mimics [the official one](https://www.deepseek.com/) and urges visitors to download the DeepSeek model. Instead, however, clicking it triggers the download of a malicious executable that ESET products detect as Win32/Packed.NSIS.A.While the website largely ‘looks the part’, a keen eye will spot at least one more giveaway beside the URL itself: unlike the ‘Start now’ button on the [official website](https://www.deepseek.com/), the fake one says ‘Download Now’. (DeepSeek has launched mobile apps for both iOS and Android [with great success](https://www.cnbc.com/2025/01/27/chinas-deepseek-ai-tops-chatgpt-app-store-what-you-should-know.html), but you can also use it directly in your desktop browser without needing to download anything.) To further bolster the ploy’s chances of success, the malware is digitally signed by ‘K.MY TRADING TRANSPORT COMPANY LIMITED’.
> [](https://twitter.com/g0njxa/status/1884368749316227321)
Others have also [spotted](https://x.com/AlvieriD/status/1883450009523282280) a number of newly-created [lookalike domains](https://www.linkedin.com/posts/huzeyfe_it-seems-that-threat-actorsbad-guys-are-activity-7289990824115724289-HvNj) that aim to trick people into thinking that they have landed on the real thing, but are instead to part them from their data or hard-earned money, including by touting (non-existent) [DeepSeek pre-IPO shares](https://cyble.com/blog/deepseeks-growing-influence-sparks-a-surge-in-frauds-and-phishing-attacks/).Another risk has to do with bogus [DeepSeek crypto tokens](https://cointelegraph.com/news/scam-tokens-surge-deepseek-ai-viral) that have surged on multiple blockchain networks, with some reaching market capitalizations of millions of dollars in short order. The company [made it clear on X](https://x.com/deepseek_ai/status/1877663619464478983) earlier in January that it has not issued any cryptocurrency.Privacy and security concerns surrounding DeepSeek————————————————–Right on the heels of its rapid ascent, DeepSeek said it had itself been the target of ‘a large-scale cyberattack’ that caused it to [suspend new user signups](https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/).Meanwhile, cloud cybersecurity company [Wiz has found](https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak) a database belonging to DeepSeek that inadvertently exposed API keys, system logs, user chat prompts and other sensitive information to the open internet. DeepSeek has since locked down the database.Cybersecurity firms [KELA](https://www.kelacyber.com/blog/deepseek-r1-security-flaws/) and [Palo Alto Networks](https://unit42.paloaltonetworks.com/jailbreaking-deepseek-three-techniques/) have found that DeepSeek’s AI models are susceptible to so-called evil jailbreak attacks and their security guardrails can be subverted to [generate malicious outputs](https://www.welivesecurity.com/en/business-security/untrustworthy-ai-data-poisoning/), including ransomware, as well as fabricate content such as detailed instructions for creating toxins and explosives.Much like has been the [case with TikTok](https://www.welivesecurity.com/2023/03/24/what-tiktok-knows-you-should-know-tiktok/) and other Chinese online services, DeepSeek’s [data collection practices](https://platform.deepseek.com/downloads/DeepSeek%20Privacy%20Policy.html) also [garnered scrutiny](https://iapp.org/news/a/deepseek-s-ascension-catches-the-eye-of-international-regulators/) almost immediately, including from regulatory authorities in the United States, Ireland, Italy and France.How to stay safe—————-Whether it’s a viral new app, a juggernaut social media platform, or even the latest buzz around AI tools, cybercriminals are highly adept at weaving thee latest fads and trends into their ploys, ultimately making them more enticing and harder to spot.To protect yourself from DeepSeek-themed scams, keep your eyes peeled for any email or social media messages that attempt to piggyback off its popularity and push you to click on suspicious links.Indeed, as AI tools can be harnessed to create highly convincing phishing campaigns and other social engineering attacks, be skeptical of messages that arrive out of the blue, particularly if they offer something too good to be true such as [investment opportunities](https://www.welivesecurity.com/en/cybersecurity/crypto-soaring-threats-how-keep-wallet-safe/) or create a sense of urgency. You’re better off contacting the company or person mentioned in the messages directly via verified channels and navigating to the official website by typing it into your web browser.Strengthen your online accounts with [two-factor authentication](https://www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/) (2FA) wherever possible so that it’s far harder for cybercriminals to access your accounts even if they obtain your credentials. Make sure to also use multilayered security software across all your devices that can go a long way towards keeping you safe.When interacting with DeepSeek or, indeed, [any other AI model](https://www.welivesecurity.com/en/business-security/security-privacy-challenges-large-language-models/), be mindful of the data you’re entering into it, including names, email addresses and sensitive personal preferences. The same goes for [corporate and other sensitive data](https://www.welivesecurity.com/2023/05/17/meet-ai-new-colleague-work-company-data/); the [US Navy](https://time.com/7210875/deepseek-national-security-threat-tiktok/), for example, has already banned use of DeepSeek among its ranks.*Image source: [Unsplash](https://unsplash.com/photos/a-person-holding-a-cell-phone-in-their-hand-iPsKQ4kLLkg)* *** ** * ** ***Let us keep youup to date—————————–Sign up for our newsletters Ukraine Crisis newsletter Regular weekly newsletter Subscribe #### Related Articles*** ** * ** ***[Digital SecurityCybersecurity and AI: What does 2025 have in store?Digital SecurityCybersecurity and AI: What does 2025 have in store?](/en/cybersecurity/cybersecurity-ai-what-2025-have-store/ ‘Cybersecurity and AI: What does 2025 have in store?’) *** ** * ** ***[Digital SecurityCrypto is soaring, but so are threats: Here’s how to keep your wallet safeDigital SecurityCrypto is soaring, but so are threats: Here’s how to keep your wallet safe](/en/cybersecurity/crypto-soaring-threats-how-keep-wallet-safe/ ‘Crypto is soaring, but so are threats: Here’s how to keep your wallet safe’) *** ** * ** ***[Digital SecurityAI moves to your PC with its own special hardwareDigital SecurityAI moves to your PC with its own special hardware](/en/cybersecurity/ai-moves-pc-special-hardware/ ‘AI moves to your PC with its own special hardware’) ### Similar Articles[Digital SecurityMeet ‘AI’, your new colleague: Could it expose your company’s secrets?](/2023/05/17/meet-ai-new-colleague-work-company-data/ ‘Meet ‘AI’, your new colleague: Could it expose your company’s secrets?’)*** ** * ** ***[Business SecurityUntrustworthy AI: How to deal with data poisoning](/en/business-security/untrustworthy-ai-data-poisoning/ ‘Untrustworthy AI: How to deal with data poisoning’)*** ** * ** ***[Digital SecurityCybersecurity and AI: What does 2025 have in store?](/en/cybersecurity/cybersecurity-ai-what-2025-have-store/ ‘Cybersecurity and AI: What does 2025 have in store?’)*** ** * ** ***### Share Article[](https://www.facebook.com/sharer/sharer.php?u=https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/ ‘Facebook’) [](https://www.linkedin.com/shareArticle?mini=true&url=https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/ ‘LinkedIn’) [](https://twitter.com/intent/tweet?url=https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/ ‘Twitter’) [](mailto:?&subject=I wanted you to see this site&body=https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/ ‘mail’) [](https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/ ‘copy’)  ### DiscussionRelated Tags:
NAICS: 54 – ProfessionalScientific
Technical Services
NAICS: 519 – Web Search Portals
Libraries
Archives
Other Information Services
NAICS: 541 – Professional
Scientific
Technical Services
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 92 – Public Administration
NAICS: 922 – Justice
Public Order
Safety Activities
NAICS: 51 – Information
Blog: ESET We Live Security
Acquire Infrastructure: Domains
Associated Indicators: