ATTENTION: A fake DeepSeek website has been created to spread malware.

Recently, following the launch of DeepSeek, an open-source generative artificial intelligence tool, a malware distribution campaign has been identified through fraudulent websites that mimic the official site. ESET, a cybersecurity company, has warned that cybercriminals are using topics of general interest to deceive unsuspecting users. A user on X, identified as @g0njxa, reported a malicious site that has a design similar to the real one, although the URL and the download option indicate its falsehood.

ESET emphasizes the importance of verifying the website's URL, suggesting that it's best to manually type the address. On the legitimate site, the main button is labeled "Start Now," as DeepSeek operates directly on the web. On the fraudulent site, however, the button says "Download Now," which implies the download of a potentially malicious file, since DeepSeek does not require installation. Any site that asks for a download poses a severe risk.

Additionally, it has been noted that the domain of the fake site has been used by other pages pretending to be different software to spread malware. This domain attempts to conceal its malicious nature by using a digital signature attributed to a supposed company called "K.MY TRADING TRANSPORT COMPANY LIMITED." If a user interacts with the button on the fake site, an executable file is downloaded, which ESET identifies as Win32/Packed.NSIS.A, with reports of activity in places like China, Russia, and several European nations.

Fabiana Ramírez Cuenca, a cybersecurity researcher at ESET Latin America, warned that such campaigns, taking advantage of the growing interest in tools like DeepSeek, could proliferate in various regions, including Latin America. Therefore, it is recommended to exercise caution when accessing online tools.