Beware the DeepSeek Wave: How Cybercriminals are Exploiting a Popular Chatbot to Spread macOS Malware

Security Bite: Top macOS Threat Found Riding the DeepSeek Wave

DeepSeek, a China-based LLM chatbot, has risen to popularity but has also attracted cybercriminals. These criminals are using the app's fame to distribute malware and run scams, particularly targeting macOS users.

Key Points:

• Phishing and Scams: Cybercriminals are tricking users into scanning QR codes to compromise crypto wallets and offering fake investment opportunities.
• Fake DeepSeek Mac Apps: Malware disguised as legitimate DeepSeek applications is being distributed. Notably, AMOS (Atomic) malware, a stealthy stealer written in Swift, is being spread via DMG files.
• Malware Distribution Method: Victims are instructed to drag and drop malicious .file into the Terminal app, bypassing macOS security measures.
• Privacy Concerns: DeepSeek's adherence to Chinese laws raises privacy concerns, leading to investigations in the US and Europe and the app's removal from the App Store in Italy.

Apple’s Response:

• macOS Sequoia: New security features aim to prevent users from executing unsigned or notarized software, although hackers have found ways around this.

Recommendations:

• Avoid downloading or engaging with DeepSeek due to privacy risks and potential cyber-espionage.
• Be cautious of any applications that prompt you to execute files via Terminal.