Cybernews reports that nearly 40 web domains impersonating the increasingly popular Chinese artificial intelligence (AI) platform DeepSeek have been created to distribute the Vidar information-stealing malware and compromise cryptocurrency wallets.
According to Zscaler, the attackers begin by luring targets to purported DeepSeek-affiliated websites. After a visitor registers, the site redirects to a bogus CAPTCHA page that delivers the Vidar malware, which locates sensitive files and harvests data from over a dozen web browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge, and Opera GX. The attackers also target dozens of cryptocurrency browser extensions, such as those for Binance, Coinbase, and MetaMask.
Zscaler researchers said the malicious websites built for the campaign were also used to run cryptocurrency pump-and-dump schemes and gift card scams, as well as to advertise a bogus gambling service.