Phishing sites posing as DeepSeek downloads drop a proxy backdoor | CSO Online
Kaspersky warns of a new malicious campaign distributing BrowserVenom malware through fake DeepSeek-R1 environment installers. The malware, disguised as a DeepSeek client, reroutes web traffic through an actor-controlled proxy, enabling data collection and manipulation. The campaign, likely orchestrated by Russian-speaking threat actors, has been detected in multiple countries and uses CAPTCHA challenges to add legitimacy.