New BrowserVenom malware being distributed via fake DeepSeek phishing website | Securelist

A new malicious campaign distributes BrowserVenom malware through a fake DeepSeek-R1 LLM environment installer. The malware, delivered via a phishing site disguised as the official DeepSeek homepage, reconfigures browsing instances to force traffic through a threat actor-controlled proxy. This enables data collection and network traffic manipulation.