The meteoric rise of DeepSeek, a Chinese artificial intelligence company renowned for its open-source large language models (LLMs), has garnered widespread attention and enthusiasm in the tech industry. With the launch of its first chatbot app, “DeepSeek – AI Assistant,” in January 2025, the company quickly surpassed well-established competitors like OpenAI’s ChatGPT, becoming the most downloaded free app on the iOS App Store in the United States.
However, this unprecedented success has also brought a rise in cyber threats. According to Cyble, a cybersecurity research firm, DeepSeek’s exponential growth has made its brand a vehicle for cybercriminals, who exploit the company’s reputation for fraudulent activities such as phishing attacks, investment scams, and malware campaigns.
The increased popularity of DeepSeek has caught the eye of threat actors, who are leveraging its credibility to launch scams and cyberattacks. Cybercriminals have set up fake websites disguised as DeepSeek to deceive unsuspecting users, primarily targeting cryptocurrency enthusiasts. These fraudulent platforms are designed to trick users into scanning QR codes that compromise their crypto wallets, leading to theft of funds and personal information.
Cyble’s investigations have uncovered several domains associated with these phishing campaigns, including abs-register[.]com, deep-whitelist[.]com, deepseek-ai[.]cloud, deepseek[.]boats, deepseek-shares[.]com, deepseek-aiassistant[.]com, and usadeepseek[.]com. These websites are conduits for cybercriminals to extract personal data, steal cryptocurrency, and promote bogus investment opportunities, exploiting the trust DeepSeek has garnered within the tech community.
The proliferation of crypto phishing schemes has been a major concern, as cybercriminals are using QR codes on deceptive websites that mimic DeepSeek’s official platform to compromise users’ wallets. The growing popularity of platforms like DeepSeek has made these attacks more effective, enabling criminals to deceive even cautious users.
In addition to phishing attacks, cyber fraudsters have seized the opportunity to promote fake investment schemes under the guise of DeepSeek’s success. For instance, a domain called deepseek-shares[.]com falsely claimed to offer pre-IPO shares of the company, intending to gather sensitive personal data for nefarious purposes like identity theft and financial fraud.
Alongside phishing and investment scams, there have been reported instances of malware campaigns linked to DeepSeek. Malicious websites have offered supposed DeepSeek app downloads for various platforms, serving as potential entry points for malware like the AMOS Stealer, a credential stealer capable of compromising user data and online accounts.
To mitigate the risks associated with DeepSeek’s popularity, users are advised to exercise caution by verifying official sources, refraining from engaging with untrusted websites and QR codes, and scrutinizing investment opportunities closely. By adopting security best practices, staying informed about emerging cyber threats, and remaining vigilant, individuals can safeguard their personal information and avoid falling victim to cybercriminal schemes exploiting DeepSeek’s rapid ascent in the AI industry.
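For defenders who want to automate the "verify official sources" advice, the following added example (not code from Cyble or DeepSeek) checks URLs from a proxy log against the domains reported above and flags other hosts that embed the brand name. The `OFFICIAL` allowlist, the function names and the log format are assumptions made for illustration, and the log lines are constructed.

```python
from urllib.parse import urlsplit

# Domains reported on this page, refanged for matching only.
REPORTED = {
    "abs-register.com", "deep-whitelist.com", "deepseek-ai.cloud",
    "deepseek.boats", "deepseek-shares.com",
    "deepseek-aiassistant.com", "usadeepseek.com",
}
OFFICIAL = {"deepseek.com"}  # assumption: your own allowlist of genuine domains
BRAND = "deepseek"
# Constructed proxy-log lines (not real traffic), format: "<client> <url>".
SAMPLE_LOG = """\
10.0.0.5 https://chat.deepseek.com/
10.0.0.7 https://deepseek-shares.com/pre-ipo
10.0.0.9 http://deepseek.com.login.example.net/qr
10.0.0.9 https://example.org/news/deepseek
10.0.0.4 https://app.usadeepseek.com:8443/download
"""

def hostname(value):
    """Lowercase host from a URL, bare host or defanged indicator."""
    value = value.strip().replace("[.]", ".").replace("hxxp", "http")
    try:
        parts = urlsplit(value if "://" in value else "//" + value)
        return (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed bracketed host
        return ""

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def classify(value):
    """Return 'official', 'reported', 'lookalike', 'other' or 'invalid'."""
    host = hostname(value)
    if not host:
        return "invalid"
    if any(under(host, d) for d in OFFICIAL):
        return "official"
    if any(under(host, d) for d in REPORTED):
        return "reported"
    # Brand in the host but not under an official domain, e.g. the real
    # domain used as a subdomain label; hyphens are ignored when matching.
    return "lookalike" if BRAND in host.replace("-", "") else "other"

def scan(log_text):
    """Return (client, host, verdict) for reported or lookalike hosts."""
    rows = (l.split(maxsplit=1) for l in log_text.splitlines() if l.strip())
    hits = [(c, hostname(u), classify(u)) for c, u in rows]
    return [h for h in hits if h[2] in ("reported", "lookalike")]
```

The match is on the host only, so a news article with "deepseek" in its path is not flagged, while a host that merely starts with the official domain is.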