![Apple's M5 iPad Pro Enters Advanced Testing for 2025 Launch [Gurman]](https://www.iclarified.com/images/news/96865/96865/96865-640.jpg)
![M5 MacBook Pro Set for Late 2025, Major Redesign Waits Until 2026 [Gurman]](https://www.iclarified.com/images/news/96868/96868/96868-640.jpg)
![Apple to Revamp Health App with AI-Powered Doctor [Gurman]](https://www.iclarified.com/images/news/96870/96870/96870-640.jpg)
![What Google Messages features are rolling out [March 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/12/google-messages-name-cover.png?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[The AI Show Episode 141]: Road to AGI (and Beyond) #1 — The AI Timeline is Accelerating](https://www.marketingaiinstitute.com/hubfs/ep%20141.1.png)
![[The AI Show Episode 140]: New AGI Warnings, OpenAI Suggests Government Policy, Sam Altman Teases Creative Writing Model, Claude Web Search & Apple’s AI Woes](https://www.marketingaiinstitute.com/hubfs/ep%20140%20cover.png)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![From broke musician to working dev. How college drop-out Ryan Furrer taught himself to code [Podcast #166]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743189826063/2080cde4-6fc0-46fb-b98d-b3d59841e8c4.png?#)
![[FREE EBOOKS] The Ultimate Linux Shell Scripting Guide, Artificial Intelligence for Cybersecurity & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
.png?#)
Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware
Cybercriminals have launched a sophisticated attack campaign leveraging Google’s sponsored search results to target users searching for DeepSeek, the increasingly popular AI platform. The attack uses convincingly crafted fake advertisements that appear at the top of Google search results, mimicking legitimate DeepSeek ads but redirecting victims to malicious websites designed to distribute malware. This campaign […] The post Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware appeared first on Cyber Security News.
Cybercriminals have launched a sophisticated attack campaign leveraging Google’s sponsored search results to target users searching for DeepSeek, the increasingly popular AI platform.
The attack uses convincingly crafted fake advertisements that appear at the top of Google search results, mimicking legitimate DeepSeek ads but redirecting victims to malicious websites designed to distribute malware.
This campaign represents a growing trend of threat actors exploiting trusted digital advertising platforms to deliver malicious payloads to unsuspecting users.
The attack begins when users search for DeepSeek on Google and encounter sponsored results that appear authentic at first glance.
The malicious ads direct users to carefully constructed fake websites that closely resemble the official DeepSeek platform.
These imposter sites feature download buttons that, when clicked, deliver a Trojan programmed in Microsoft Intermediate Language (MSIL), demonstrating the attackers’ technical sophistication in creating cross-platform threats that could potentially target macOS users.
Malwarebytes researchers identified the malware delivered through these fake ads as “Malware.AI.1323738514” through their Artificial Intelligence detection module.
The researchers noted that the campaign’s success rate appears high enough that attackers can afford to outbid legitimate brands for sponsored placement in Google’s search results, indicating a potentially lucrative operation.
Infection Mechanism Analysis
The infection chain demonstrates remarkable attention to detail in social engineering tactics.
The fake website “deepseek-ai-soft.com” implements design elements that closely mimic legitimate AI platforms, complete with convincing copy promising “DeepSeek-R1” availability “on web, app, and API” and marketing phrases like “Better than ChatGPT” to entice downloads.
.webp)
When analyzing the network traffic from infected systems, the malware establishes persistent connections to command-and-control servers using the following communication pattern:-
POST /ingest/status HTTP/1.1
Host: c2-deepseek-metrics.net
Content-Type: application/json
User-Agent: DeepSeekUpdater/1.2.3
Cookie: session=[encoded_base64_data]The malware’s infection mechanism exploits the growing public interest in AI tools, with DeepSeek being merely one vector in what appears to be a broader campaign.
.webp)
Another similar campaign identified by researchers used “deepseakr.com” with advertisements published under Hebrew-language publisher names, suggesting multiple attack vectors or potential geographic targeting.
Security experts recommend avoiding clicking on sponsored search results altogether and considering ad-blockers to prevent exposure to these increasingly sophisticated malvertising campaigns that blend technical exploitation with social engineering tactics.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post Weaponized Google Ads Attacking DeepSeek Users to Deliver Malware appeared first on Cyber Security News.
 To Hack Windows Systems.webp?#)
