Cybercriminals have increasingly been exploiting the growing use of artificial intelligence (AI) with a new phishing scam that tricks users into downloading malware. Security researchers at CloudSEK have uncovered a sophisticated cyberattack called the ‘DeepSeek ClickFix scam’, which uses fake captcha pages and malware-infected downloads to steal login credentials.
How the Scam Works
Attackers have created a fake website (deepseekcaptcha[.]top) that looks very similar to DeepSeek’s official verification page.
As part of this scam, users are asked to complete a fraudulent captcha verification. Clicking the verification runs a hidden PowerShell command, which installs two dangerous malware programs – Vidar Stealer and Lumma Stealer – that steal login details, financial data, and session tokens.
The stolen data can be used to hack accounts, including those on platforms like Steam and Telegram. To avoid detection, cybercriminals have used Cloudflare hosting, making it difficult for security systems to track and block the malicious site.
Cybersecurity Experts Warn AI Users to Stay Vigilant
According to CloudSEK’s threat intelligence lead, Sparsh Kulshrestha, this attack highlights how hackers are adapting to new technologies.
“The DeepSeek ClickFix scam is a stark reminder of how cybercriminals continuously adapt to exploit emerging technologies. AI users must be extra vigilant when engaging with online verification requests,” he warned.
Cybersecurity experts warn that AI-related scams are becoming more sophisticated, making them harder to detect using traditional security tools.
How to Protect Yourself
CloudSEK recommends several precautionary measures to prevent phishing scams. Users should always verify website URLs before entering credentials to ensure they are on a legitimate platform.
Users must also be cautious of captcha requests, as AI platforms do not repeatedly require verification. Unexpected prompts should be treated with suspicion.
Enabling multi-factor authentication (MFA) adds an extra layer of security, which prevents hackers from accessing accounts even if credentials are stolen. Organisations should also implement anti-phishing protection, such as email filters and domain monitoring tools, to detect phishing scams early.
Lastly, keeping devices and security software updated helps protect against new and evolving threats.
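The URL verification and domain monitoring recommended above can be automated for a brand. The following Python code is an added example, not CloudSEK's tooling: it assumes deepseek.com is the only legitimate domain, and every sample hostname other than the one named in this article is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the brand's legitimate domains (not stated in the article).
OFFICIAL_DOMAINS = {"deepseek.com"}
BRAND = "deepseek"
# Common digit-for-letter swaps used in lookalike names.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def hostname(value: str) -> str:
    """Return the lowercase hostname of a URL or bare domain, refanging [.] and hxxp."""
    value = value.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat a bare domain as the host part
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:  # malformed host such as an unbalanced bracket
        return ""
    return host.rstrip(".")


def is_official(host: str) -> bool:
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(value: str) -> str:
    """Label a URL or domain as official, suspicious (brand lookalike), unrelated or invalid."""
    host = hostname(value)
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    # Drop separators and undo digit swaps before searching for the brand token.
    squashed = re.sub(r"[-_.]", "", host).translate(LOOKALIKES)
    return "suspicious" if BRAND in squashed else "unrelated"


if __name__ == "__main__":
    samples = [
        "deepseekcaptcha[.]top",               # domain named in this article
        "https://chat.deepseek.com/sign_in",   # constructed: subdomain of the official domain
        "deepseek.com.verify-login.example",   # constructed: official name used as a prefix
        "d33pseek-verify.example",             # constructed: digit substitution
        "example.org",                         # constructed: unrelated site
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

The check matches on the end of the hostname, so a lookalike that merely starts with the official name is still flagged; feeding it newly registered domains or proxy logs is one way to use it for monitoring.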