The Chinese AI startup DeepSeek has gained attention in the global AI market with its open-source inference model, DeepSeek-R1, which outperforms OpenAI’s GPT-01 and offers a more cost-effective alternative to existing models.
According to Google Trends, the search volume for DeepSeek surged after the release of the DeepSeek-R1 model on January 20, 2025, reaching a peak interest level of ‘100’ on January 28, 2025. As DeepSeek gained popularity, concerns about phishing and fraudulent websites also grew, leading to increased use of Criminal IP Domain Search for identifying potential threats.
*Google Trends measures interest over time, with a value of 100 representing the highest search frequency, 50 for half that frequency, and 0 when there is insufficient data.
Malware Distribution via DeepSeek Phishing Website
Recently, cyber attackers have been taking advantage of DeepSeek’s rising popularity by creating phishing websites that mimic the official site. These fraudulent sites use Site Proxy techniques to mimic the official site while embedding malware download links.
Official DeepSeek Site vs Phishing DeepSeek Site
- Official DeepSeek Site: When you click the “Get DeepSeek App” button, you’ll see a QR code linked to the Appstore.
- Phishing DeepSeek Site: When you click “Get DeepSeek App”, a file containing malware is downloaded.
![Phishing DeepSeek Site hxxps://deepsekk[.]sbs](https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2025/02/%EB%94%A5%EC%8B%9C%ED%81%AC_3.png?resize=1024%2C846&ssl=1)
As of 2025-02-03 06:47:30 UTC, 24 antivirus programs detected the app downloaded from the fake DeepSeek site as malicious, and it received 154 negative votes.
The antivirus detection results suggest that the app is a malicious program targeting a financial app named “Corper“.
Criminal IP Domain Search: Detection of DeepSeek Phishing Site
Using Criminal IP Domain Search, phishing sites can be quickly analyzed and detected.
![Criminal IP Domain Search report on the phishing domain hxxps://deepsekk[.]sbs](https://i0.wp.com/blog.criminalip.io/wp-content/uploads/2025/02/%EB%94%A5%EC%8B%9C%ED%81%AC_5.png?resize=800%2C611&ssl=1)
Key Points Identified by Criminal IP:
① Domain Scoring
- Criminal IP AI automatically analyzes and scores domain risks.
- The Phishing DeepSeek site was analyzed as having a Critical (99.0%) risk level → High probability of fraud.
② Newborn Domain
- Verifies the domain’s creation date helps assess phishing potential.
- The phishing site for DeepSeek was created on January 30, 2025, with a new domain → High possibility of phishing.
③ Form Event
- Detects mismatched form submission domains.
- The DeepSeek phishing site uses a Site Proxy to transmit form data to a different domain.
④ Fake Favicon
- Detects suspicious Favicon URLs in the HTML.
- The DeepSeek phishing site’s Favicon URL differs from the official one, indicating a Site Proxy.
⑤ Email Domain Check
- Compares site email addresses with the domain.
- The email domain used by the DeepSeek phishing site does not match the official one → High probability of a scam.
Conclusion
The case of phishing websites exploiting DeepSeek’s popularity highlights how attackers leverage trending topics to distribute malware.
To protect against these attacks, users should analyze the site using Criminal IP Domain Search and pre-block threat links with Criminal IP browser extensions.
⚠️ Always be cautious when accessing new sites. Use Criminal IP to prevent security threats in advance!
FAQs
Q1. Does using DeepSeek pose a risk of personal data exposure?
DeepSeek is gaining global attention as a cost-effective AI model competing with OpenAI’s ChatGPT. However, one of the biggest concerns is data privacy.
Since the possibility of user data being transmitted or stored on a Chinese server, it is advisable to avoid entering sensitive information.
Q2. How to be secure?
To use AI model like DeepSeek safely, follow these security guidelines.
- It is best not to enter personal information (name, address, account number, etc.) or sensitive information.
- Review DeepSeek’s official privacy policy to understand how data is processed.
- By using Criminal IP’s IP analysis service, you can check the location and network security status of the DeepSeek server.
- Criminal IP’s Threat Intelligence feature allows you to detect potential security threats in your network connection with DeepSeek.
To use AI services like DeepSeek securely, it is important to utilize Criminal IP’s security analysis tools to check the server information and network security status. This reduces the risk of personal information leakage and allows AI to be used in a more reliable environment. For more insights on avoiding phishing attacks, refers to How To Be Safe From Google Ads Scams (MetaMask Phishing Site).
This report is based on data from Criminal IP, a Cyber Threat Intelligence search engine. Sign up for a free trial of Criminal IP today to explore the search results mentioned in the report and delve into comprehensive threat intelligence.
Source: Criminal IP (https://www.criminalip.io)
Related Article(s) :