Phishing, Data Security, AI/ML

DeepSeek-spoofing leveraged for crypto exfiltration

DeepSeek is an AI-powered platform specializing in advanced search and data analytics for business insights and decision-making.

Cybernews reports that nearly 40 web domains masquerading as the increasingly popular Chinese artificial intelligence platform DeepSeek have been created to facilitate intrusions distributing the Vidar information-stealing malware and compromising cryptocurrency wallets.

According to a Zscaler report, threat actors begin the attacks by luring targets into visiting purported DeepSeek-affiliated websites, which upon registration redirect to a bogus CAPTCHA page that enables the delivery of Vidar malware. The malware not only identifies sensitive files and obtains data from over a dozen web browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge, and Opera GX, but also targets dozens of cryptocurrency extensions, such as those for Binance, Coinbase, and MetaMask.

Malicious websites crafted for the attack campaign were also tapped by attackers to conduct cryptocurrency pump-and-dump schemes and gift card scams, as well as to advertise a bogus gambling service, said Zscaler researchers.
