NEWS DeepSeek Was the Bait — And You’re the Catch

The new BrowserVenom trojan is wreaking havoc in browsers worldwide.

As the popularity of large language models continues to surge, cybercriminals are increasingly leveraging this trend for their own gain. One of the latest victims of this weaponization is DeepSeek-R1, a highly sought-after AI model. Users searching for chatbots based on this model are frequently lured into malicious sites masquerading as official platforms.


Kaspersky Lab experts uncovered a new wave of attacks involving a fake DeepSeek-R1 installer. The malware was distributed through a phishing site that ranked highly in Google search results — thanks to Google Ads. The malicious site closely resembled the original and auto-detected the visitor’s operating system. For Windows users, a “Try now” button led to a fake CAPTCHA page — allegedly for bot protection.


After passing the CAPTCHA, users landed on a page with a “Download now” button that delivered an executable named AI_Launcher_1.21.exe from a spoofed domain. This installer acted as a trojan horse. Upon execution, it showed yet another fake CAPTCHA and suggested installing third-party AI tools like Ollama or LM Studio — all while silently triggering the hidden method MLInstaller.Runner.Run().


Stage One: PowerShell & AV Evasion


Initially, an encrypted PowerShell command was executed to exclude the user’s folder from Microsoft Defender scans. The encryption used AES-256-CBC, with the key and IV hardcoded inside the binary. This step required administrative privileges to function.


Stage Two: Payload Retrieval


A second PowerShell script fetched a malicious binary from a domain generated via a simple DGA (Domain Generation Algorithm). The downloaded file was saved as 1.exe in the “Music” folder and immediately executed. The currently active domain was app-updater1[.]app, although it appeared non-functional at the time of analysis — likely indicating staging for a future attack phase.


Stage Three: BrowserVenom Activation


The third phase involved decrypting a second executable embedded within the installer and running it directly in memory. This component, named BrowserVenom, was the core payload of the campaign. Its main purpose? Intercept all of the victim's internet traffic by reconfiguring browsers to route through attacker-controlled proxies.


BrowserVenom first checked for admin rights. If it had them, it installed a rogue certificate into the system’s trusted root store, which is what lets an attacker-controlled proxy decrypt and inspect HTTPS traffic without browser warnings. It then altered browser configurations:


  • For Chromium-based browsers (Chrome, Edge, Opera, Brave), it appended the --proxy-server flag.
  • Shortcut files (.lnk) were rewritten to enforce these changes.
  • Firefox and Tor Browser profiles were also silently edited.

The proxy server used by the attackers was located at 141.105.130[.]106, port 37121. Additionally, a custom User-Agent string with a campaign tag LauncherLM and a randomly generated HWID was appended — helping attackers track infections.
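The three persistence points described above (shortcut arguments, Firefox/Tor profile prefs, trusted root store) can be audited on a Windows host with the following hunting script. It is an added example, not code from the original post or from Kaspersky's report; the profile and Start Menu paths are assumptions about a default installation, and the 30-day root-certificate window is a heuristic.

```powershell
# Added hunting script (not from the original post): flags the browser tampering
# described above. Paths are assumptions about a default Windows install.
$ErrorActionPreference = 'SilentlyContinue'

# 1. Shortcut files whose arguments force a proxy (Chromium --proxy-server tampering)
$shortcutDirs = @(
    "$env:USERPROFILE\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
)
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -Path $shortcutDirs -Filter *.lnk -Recurse | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    if ($lnk.Arguments -match '--proxy-server') {
        [pscustomobject]@{ Check = 'Shortcut proxy'; Path = $_.FullName; Detail = $lnk.Arguments }
    }
}

# 2. Firefox / Tor Browser profiles with an HTTP/SSL proxy host written into user.js
#    or prefs.js. A clean Firefox profile has no network.proxy.http/ssl entry, and
#    Tor Browser's own SOCKS settings (network.proxy.socks) are not matched here.
$profileDirs = @(
    "$env:APPDATA\Mozilla\Firefox\Profiles",
    "$env:USERPROFILE\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser"   # assumed install path
)
Get-ChildItem -Path $profileDirs -Include user.js, prefs.js -Recurse | ForEach-Object {
    $hits = Select-String -Path $_.FullName -Pattern 'network\.proxy\.(http|ssl)"'
    foreach ($h in $hits) {
        [pscustomobject]@{ Check = 'Firefox proxy pref'; Path = $_.FullName; Detail = $h.Line.Trim() }
    }
}

# 3. Root certificates issued recently. NotBefore is the issuance date, not the
#    install date, but a self-made interception CA is usually freshly generated.
$since = (Get-Date).AddDays(-30)
Get-ChildItem -Path Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Where-Object { $_.NotBefore -gt $since } |
    ForEach-Object {
        [pscustomobject]@{ Check = 'Recent root cert'; Path = $_.PSPath
                           Detail = "$($_.Subject) thumbprint=$($_.Thumbprint)" }
    }
```

Any shortcut hit pointing at the proxy address quoted above, or a root certificate nobody in the organisation can account for, warrants isolating the host and reviewing the Defender exclusion list, since Stage One adds the user folder to it.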


Global Spread and Russian Ties


The phishing page source code included Russian-language comments, and the infection has been observed in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt.


Detected as HEUR:Trojan.Win32.Generic and Trojan.Win32.SelfDel.iwcv, this threat demonstrates how effectively cybercriminals exploit the growing interest in AI. The use of Google Ads to promote malicious links makes this campaign especially dangerous, particularly for users who fail to verify URLs and software certificates.




How to Stay Safe


  • Always verify that the website you're downloading from is the official one — even if it’s the top result on Google.
  • Avoid clicking on ads when searching for software or tools.
  • Check the digital certificate of any installer and ensure it’s signed by a legitimate vendor.
  • Run antivirus scans and enable reputation-based protection systems.
  • Use restricted user accounts for daily activity, reserving admin privileges only when necessary.

This campaign serves as a stark reminder: in the AI gold rush, curiosity is a powerful lure — and malware authors are fishing with bait that many can’t resist.