New malware posing as an AI assistant steals user data
Users were directed to a phishing site mimicking the address of the original DeepSeek platform via Google Ads, with the link showing up in the ad when a user searched for 'deepseek r1'. Once the user reached the fake DeepSeek site, a check was performed to identify the victim's operating system. If it was Windows, the user was presented with a button to download the tools for working with the LLM offline. Other operating systems were not targeted at the time of research.
After clicking on the button and passing the CAPTCHA test, a malicious installer file was downloaded and the user was presented with options to download and install Ollama or LM Studio. If either option was chosen, along with legitimate Ollama or LM Studio installers, malware got installed in the system bypassing Windows Defender's protection with a special algorithm. This procedure also required administrator privileges for the user profile on Windows; if the user profile on Windows did not have these privileges, the infection would not take place.
After the malware was installed, it configured all web browsers in the system to forcefully use a proxy controlled by the attackers, enabling them to spy on sensitive browsing data and monitor the victim's browsing activity. Because of its enforcing nature and malicious intent, Kaspersky researchers have dubbed this malware BrowserVenom. 'While running large language models offline offers privacy benefits and reduces reliance on cloud services, it can also come with substantial risks if proper precautions aren't taken. Cybercriminals are increasingly exploiting the popularity of open-source AI tools by distributing malicious packages and fake installers that can covertly install keyloggers, cryptominers, or infostealers. These fake tools compromise a user's sensitive data and pose a threat, particularly when users have downloaded them from unverified sources,' comments Lisandro Ubiedo, Security Researcher with Kaspersky's Global Research & Analysis Team. To avoid such threats, Kaspersky recommends: • Check the addresses of the websites to verify that they are genuine and avoid scam. • Download offline LLM tools only from official sources (e.g., ollama.com, lmstudio.ai). • Avoid using Windows on a profile with admin privileges.
• Use trusted cyber security solutions to prevent malicious files from launching.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Biz Bahrain
02-08-2025
- Biz Bahrain
Kaspersky discovered cyberattacks that sourced information from GitHub, Quora, and social networks to target organizations
Kaspersky detected a complex attack sequence that involved retrieving information from legitimate services such as GitHub, Microsoft Learn Challenge, Quora, and social networks. The attackers did this to avoid detection and run an execution chain to launch Cobalt Strike Beacon, a tool to remotely control computers, execute commands, steal data, and maintain persistent access within a network. The attacks were detected in the second half of 2024 in organizations across China, Japan, Malaysia, Peru and Russia, and persisted into 2025. The majority of victims were large to medium-sized businesses. To infiltrate victims' devices, the attackers sent spear phishing emails which were disguised as legitimate communications from major state-owned companies, particularly within the oil and gas sector. The text was phrased to look like there was interest in products and services of the victim organization to convince the recipient to open the malicious attachment. The attachment was an archive with what looked like PDF files containing requirements for the requested products and services – but in fact some of these PDFs were executable EXE and DLL files containing malware. The attackers leveraged DLL highjacking techniques and exploited the legitimate Crash reporting Send Utility which is originally designed to help developers get detailed, real-time crash reports for their applications. To function, the malware also retrieved and downloaded a code that was stored in public profiles on popular legitimate platforms to avoid detection. Kaspersky found this code encrypted inside profiles on GitHub, and links to it (also encrypted) – on other GitHub profiles, Microsoft Learn Challenge, Q&A websites, and even Russian social media platforms. All of these profiles and pages were created specifically for this attack. After the malicious code was executed on victims' machines, Cobalt Strike Beacon was launched, and the victims' systems were compromised. 'While we didn't find any evidence of the attackers using real people's social media profiles, as all the accounts were created specifically for this attack, there's nothing stopping the threat actor from abusing various mechanisms these platforms provide. For instance, malicious content strings could be posted in comments on legitimate users' posts. Threat actors are using increasingly complex methods to conceal long-known tools, and it's important to stay up to date with the latest threat intelligence to be protected from such attacks,' comments Maxim Starodubov, Malware Analyst Team Lead at Kaspersky. The method used to retrieve the download address for the malicious code is similar to what was observed in the EastWind campaign linked to Chinese-speaking actors. Kaspersky recommends that organizations follow these security guidelines to stay safe: • Track the status of digital infrastructure and continuously monitor the perimeter. • Use proven security solutions to detect and block malware embedded within bulk email. • Train staff to increase cybersecurity awareness. • Secure corporate devices with a comprehensive system, such as Kaspersky Next, that detects and blocks attacks in the early stages.
Biz Bahrain
01-08-2025
- Biz Bahrain
Polyworking generation: How Gen Z's multi-job hustle brings more cybersecurity risks
The new Gen Z trend of 'polyworking' — juggling multiple jobs at once — is creating new cybersecurity challenges, as each additional role increases the risk of attacks on both individuals and corporate networks. From H2 2024 to H1 2025, Kaspersky detected over 6 million attacks disguised as work tools, along with scams posing as job offers on Indeed, Glassdoor, and similar platforms. To help Gen Z navigate in the digital environment, Kaspersky has launched 'Case 404' — an interactive cyber-detective game that helps Gen Z recognize hidden online dangers and learn how to protect their digital lives. For Gen Z, working one job is no longer the norm, it's an exception. While the concept of juggling multiple jobs isn't entirely new, this generation (born 1997–2012) is accelerating the trend of polyworking. The term refers to juggling multiple income streams simultaneously, combining freelance gigs, side hustles, passion projects, and part-time or full-time employment. According to public research, almost a half (48%) of Gen Z members already have a side job, which is the highest rate among all generations. But while polyworking brings autonomy, flexibility, and financial resilience, it also opens the door to new cybersecurity risks — many of which Gen Z may be unaware of. Too many tools, too little control Managing multiple job roles also means navigating an ever-expanding digital environment. Each additional role brings with it new inboxes, project management tools, communication platforms, and external contacts. For polyworking Gen Z users, this can result in dozens of apps and accounts operating simultaneously — from Microsoft Teams and Outlook, to Slack, Zoom, and Notion. While these platforms are designed to streamline collaboration, they also dramatically widen the attack surface. Cybercriminals may take advantage of this complexity, launching phishing emails through compromised business accounts, embedding malware in fake calendar invites, or sending malicious links via chat apps disguised as legitimate coworker messages. The more tools in use, the harder it becomes to verify every interaction, creating the perfect conditions for social engineering and accidental breaches. Between H2 2024 and H1 2025, Kaspersky experts detected 6,146,462 attacks disguised as platforms or content related to 20 popular work tools. The top targets were Zoom (3,849,489), Microsoft Excel (835,179), and Outlook (731,025), followed by OneDrive (352,080) and Microsoft Teams (151,845). In one of the many scams uncovered by Kaspersky researchers, users were tricked into downloading a supposed Zoom update from a phishing page, which in reality was malware in disguise. Example of a phishing page offering to download 'the latest version of Zoom' Job platforms With the rise of so many new income platforms, alongside more traditional job search sites, there also comes an increased cybersecurity risk. As Gen Z explores opportunities across Fiverr, Upwork, Behance, LinkedIn, they are increasingly targeted by phishing schemes disguised as legitimate job offers. From July 2024 to June 2025, Kaspersky experts detected over 650,000 attempts to visit phishing pages disguised as LinkedIn alone. Cybercriminals can exploit the urgency and informality of freelance culture, sending fake recruitment emails, contract attachments, or messages with malicious links that promise 'quick gigs' or 'exclusive offers'. The sheer volume of communication Gen Z receives across inboxes, messengers, and gig platforms widens the attack surface, making it easier for threat actors to slip through unnoticed. What might look like a promising freelance opportunity, may in fact be a trap designed to steal login credentials, deploy malware, or compromise payment information. To access the files with a job offer, a user is asked to log in to LinkedIn – not on the official version, but on a phishing page Poor password hygiene Managing access to a growing number of platforms — ranging from project tools and gig marketplaces to payment systems and internal workspaces — often leads to shortcuts. In the rush to stay productive across multiple jobs, Gen Z workers may frequently reuse passwords or rely on simple, easy-to-remember combinations. While convenient, this practice dramatically increases the likelihood of account compromise. A single weak, or repeated password used across multiple roles can serve as a gateway for cybercriminals, allowing them to move laterally between accounts, steal sensitive information, or even launch further attacks using the victim's identity. Personal devices and shadow IT The situation is further complicated by device usage. Many Gen Z polyworkers operate across multiple gigs using the same personal laptop or smartphone — without segmentation between their work and personal environments. This overlap makes it easy for sensitive client files or corporate credentials to be saved on unsecured devices or public cloud storage solutions like Google Drive or Dropbox. In some cases, polyworkers also install unauthorized software or browser extensions to streamline their multitasking — a practice known as shadow IT. While helpful in the short term, these unauthorized apps may have vulnerabilities or operate with unclear data-sharing policies, increasing the attack surface across all jobs. The danger here isn't limited to individual freelancers. One compromised account, such as a hacked Fiverr login or an email phishing incident tied to a side project, can cascade into much larger breaches if the same credentials are reused for corporate systems. For organizations hiring remote contractors or allowing BYOD (bring your own device) practices, this raises serious questions about endpoint security and credential management. 'When your calendar is packed with tasks from three different jobs and you have notifications coming in from five separate apps, and you're also switching between client chats, invoices, and creative work on the same device — it's only a matter of time before something slips. Gen Z's work-life-tech overlap creates a unique kind of cognitive overload. This constant multitasking increases the risk of mistakes: sending a wrong file to a wrong client, overlooking a phishing email, misconfiguring access permissions. It's not about carelessness — it's about the sheer volume of digital demands pulling attention in all directions. And in cybersecurity, even one small lapse can have big consequences,' said Evgeny Kuskov, Security Expert at Kaspersky. To help Gen Z navigate the digital risks that come with their multi-hustle lifestyle, Kaspersky has developed Case 404 — an interactive cybersecurity game where players step into the shoes of a digital detective. Designed specifically for Gen Z, the game simulates real-world scenarios they face daily. Through immersive storytelling and challenges inspired by phishing attacks and credential leaks, Case 404 helps players recognize cybersecurity threats and teaches them how to spot risks before mistakes happen. To avoid falling a victim from cybercriminals, Kaspersky recommends to: ● Separate work and personal environments: Use different devices for personal and professional tasks to reduce cross-contamination risks. ● Watch out for fake tool updates: Download work tools like Zoom or Teams only from official websites or app stores from trusted developers — not from third-party links or emails. ● Use strong, unique passwords and avoid reusing passwords across platforms. Use a password manager to securely store and generate strong passwords. ● Avoid installing unofficial browser extensions or apps for productivity unless they're verified and approved — especially on work-connected devices. ● Slow down when dealing with urgent messages or unfamiliar contacts. Phishing often thrives on rushed decisions. ● Enable multi-factor authentication (MFA), especially for email, cloud storage, and freelance platforms. ● Use a reliable security solution, like Kaspersky Premium, to detect malicious attachments that could compromise your data. ● Ensure secure browsing and safe messaging with Kaspersky VPN, protecting your IP address and preventing data leaks.
Biz Bahrain
23-07-2025
- Biz Bahrain
Corporate and academic teams welcome to register in a new Kaspersky contest to tear a ticket to Security Analyst Summit
Kaspersky announces the registration opening for its brand-new Kaspersky{CTF} (Capture the Flag) competition, inviting academic and corporate teams from around the globe to compete in a battle of skill, strategy and innovation. The competition will run in five regional streams, with the winning teams of each stream getting a unique opportunity to join the finals as part of Kaspersky's Security Analyst Summit in Thailand on October 25-28 and compete for an $18,000 prize pool. In an era where cyberthreats continue to evolve, Kaspersky remains committed to fostering cybersecurity talent and upskilling cybersecurity professionals worldwide to help them counter the constantly developing threat landscape. In May, Kaspersky hosted SAS CTF (Security Analyst Summit Capture the Flag) qualifiers for the community of cybersecurity researchers, defining eight teams that will meet at the finals. The new CTF competition — Kaspersky{CTF} — is designed to reach out to an even broader audience of researchers and bring together teams from academic and corporate fields, offering a platform for both rising talents and established experts to test their skills on a grand scale. Registration for the competition is open for the participating teams, here. To register their team, potential participants should choose one of the regional streams: • North America, South America and the Caribbean • Europe • The Middle East, Turkiye and Africa • Russia and the CIS • Asia and Oceania To complete registration, all participants will have to verify their affiliation with a recognized institution or organization, using emails with corporate or academic domains. On August 30-31, the teams, that passed the registration, will step up to the 24-hour online CTF tournament that will define regional winners. During the challenge, they will face cutting-edge cybersecurity tasks, ranging from cryptography and reverse engineering to web security, and undoubtedly AI. The META stream of the competition is organized with the support of the UAE Cyber Security Council. The Council plays a vital role in securing the nation's digital transformation and supporting initiatives that enhance cyber resilience within the local market. H.E Dr. Mohamed Al Kuwaiti, Head of the UAE Cyber Security Council, stated: 'The UAE Cyber Security Council is committed to fostering a resilient and forward-looking cyber environment'. He added: 'We recognize the critical importance of nurturing cybersecurity talent and commend initiatives like the Kaspersky CTF for empowering cybersecurity professionals and strengthening community cooperation'. The winners of five regional Kaspersky{CTF} streams will have an opportunity to receive an exclusive invitation and travel coverage to the SAS CTF 2025 on-site finals in Thailand to compete for the main prize together with eight SAS CTF finalists. 'Organizations supporting or participating in CTFs not only strengthen internal cyber capabilities but also signal a proactive commitment to talent development and industry leadership. For young researchers, Kaspersky{CTF} is a unique opportunity to meet the real-world challenges and realize that work in cybersecurity is worth it,' commented Igor Kuznetsov, Director of Kaspersky's Global Research & Analysis Team. In preparation for the main event, Kaspersky will organize a series of educational sessions designed to enhance participants' competitive readiness. These webinars will cover teaser tasks and strategies for effective CTF performance at SAS CTF finals.
