Android Malware Masquerades as DeepSeek to Steal User Login Credentials

A recent cybersecurity threat has emerged in the form of Android malware masquerading as DeepSeek, an advanced artificial intelligence chatbot application.

This malicious software is designed to deceive users into downloading a fake version of the DeepSeek app, which ultimately leads to the theft of sensitive user information.

The malware is propagated through phishing links, such as hxxps://deepsekk[.]sbs, where users are tricked into downloading a malicious APK file named DeepSeek.apk.

Once installed, the malware uses the genuine DeepSeek icon to blend in with legitimate apps on the device.

Figure: DeepSeek client app installation

Upon launching the fake app, users are prompted to update it, which requires enabling the “Allow from this source” option.

According to the K7 Security Labs report, this process installs an additional app, resulting in multiple instances of the malware on the device, each with a different package name, namely “com.hello.world” and “com.vgsupervision_kit29”.

Technical Analysis and Impact

The malicious app employs advanced evasion techniques, including password protection for the APK files, which complicates analysis using standard tools like APKTool and Jadx.

However, the Android SDK tool aapt was successful in parsing the app.
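Because aapt could still read the manifest when decompilers failed, a first triage pass can be built on its `aapt dump badging` output alone. The script below is an added example, not code from K7 Security Labs or from the article: it parses a constructed badging dump, flags the two package names the report attributes to this campaign, and flags a brand label that does not belong to the package name carrying it. The permissions in the sample and the official-package allowlist are assumptions for illustration and should be replaced with values the analyst verifies.

```python
import re

# Constructed sample of `aapt dump badging DeepSeek.apk` output for a fake app.
# The package name and label follow the K7 report; the permissions listed are
# assumed for illustration and are not taken from the report.
SAMPLE_BADGING = """\
package: name='com.hello.world' versionCode='1' versionName='1.0'
sdkVersion:'24'
targetSdkVersion:'33'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
uses-permission: name='android.permission.QUERY_ALL_PACKAGES'
application-label:'DeepSeek'
launchable-activity: name='com.hello.world.MainActivity'  label='DeepSeek' icon=''
"""

# Package names reported by K7 Security Labs for this campaign.
KNOWN_BAD_PACKAGES = {"com.hello.world", "com.vgsupervision_kit29"}

# Brand keyword -> package names the analyst has verified as official.
# The entry below is an assumed placeholder; populate it from the vendor's listing.
OFFICIAL_PACKAGES = {"deepseek": {"com.deepseek.chat"}}

# Permissions that deserve a second look in an app presenting itself as a chatbot.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.REQUEST_INSTALL_PACKAGES": "can side-load a second APK (dropper behaviour)",
    "android.permission.QUERY_ALL_PACKAGES": "can enumerate every installed app",
}


def parse_badging(text):
    """Pull package name, label and requested permissions out of badging output."""
    info = {"package": None, "label": None, "permissions": []}
    for line in text.splitlines():
        m = re.match(r"package: name='([^']+)'", line)
        if m:
            info["package"] = m.group(1)
            continue
        m = re.match(r"application-label:'([^']*)'", line)
        if m:
            info["label"] = m.group(1)
            continue
        m = re.match(r"uses-permission: name='([^']+)'", line)
        if m:
            info["permissions"].append(m.group(1))
    return info


def triage(info):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    pkg = info["package"] or ""
    if pkg in KNOWN_BAD_PACKAGES:
        findings.append(f"package {pkg} matches a known indicator for this campaign")
    label = (info["label"] or "").strip().lower()
    for brand, official in OFFICIAL_PACKAGES.items():
        if brand in label and pkg not in official:
            findings.append(f"label '{info['label']}' impersonates {brand} but package is {pkg}")
    for perm in info["permissions"]:
        if perm in SUSPICIOUS_PERMISSIONS:
            findings.append(f"{perm}: {SUSPICIOUS_PERMISSIONS[perm]}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_badging(SAMPLE_BADGING)):
        print("[!]", finding)
```

Run it against real output by piping `aapt dump badging <file>.apk` into `parse_badging`. The label-versus-package check is the one that generalises: a brand name on an app whose package identifier is not the brand's own is the signature of an impersonation, regardless of whether the package name is already on a blocklist.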

Figure: Logcat logs

The malware utilizes a Domain Generation Algorithm (DGA) for Command & Control (C2) communication, allowing it to dynamically generate domain names and evade detection.
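The report does not describe the DGA itself, so the defender's handle is the shape of the names it produces rather than the algorithm. The script below is an added example, not code from the report or the article: it scores each queried domain in a constructed DNS log on length, character entropy and vowel/digit mix, and flags names that look machine-generated. The DGA-style domains in the log are invented; only deepsekk.sbs comes from the article. Note that a typo-squatted brand name like that one scores low here, which is why lexical DGA heuristics complement, rather than replace, indicator matching.

```python
import math
from collections import Counter

# Constructed DNS query log (timestamp, client, record type, name). Not taken
# from the K7 report; the random-looking names are invented for illustration.
DNS_LOG = """\
2025-02-01T10:00:01Z 10.0.0.12 A google.com
2025-02-01T10:00:02Z 10.0.0.12 A deepsekk.sbs
2025-02-01T10:00:03Z 10.0.0.12 A xq7vkz9plm2rtw.sbs
2025-02-01T10:00:04Z 10.0.0.12 A zk4mwq8vbn3xyt.sbs
2025-02-01T10:00:05Z 10.0.0.12 A play.google.com
2025-02-01T10:00:06Z 10.0.0.12 A h9r2tqz6bvpwlm.sbs
"""


def shannon_entropy(s):
    """Bits of entropy per character over the string's own symbol frequencies."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(fqdn):
    """Label left of the public suffix. Naive: assumes a single-part TLD;
    production code should consult the public suffix list (e.g. co.uk)."""
    parts = fqdn.strip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(label):
    """0..3 suspicion score from simple lexical features of one label."""
    score = 0
    if len(label) >= 12:                      # DGAs tend to emit long labels
        score += 1
    if shannon_entropy(label) >= 3.3:         # near-uniform character spread
        score += 1
    vowels = sum(ch in "aeiou" for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    if vowels / max(len(label), 1) < 0.25 or digits >= 2:   # unpronounceable
        score += 1
    return score


def flag_dga_candidates(log_text, threshold=2):
    """Return (fqdn, score) for every queried name at or above the threshold."""
    flagged = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        fqdn = fields[3]
        score = dga_score(registrable_label(fqdn))
        if score >= threshold:
            flagged.append((fqdn, score))
    return flagged


if __name__ == "__main__":
    for fqdn, score in flag_dga_candidates(DNS_LOG):
        print(f"[DGA? score={score}] {fqdn}")
```

In practice the score would be combined with volume signals (many distinct names under one TLD from one client, a high NXDOMAIN rate) before anything is blocked, since legitimate CDN hostnames also produce high-entropy labels.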

After installation, the child app frequently prompts users to enable Accessibility Services, which, if granted, can lead to significant privileges on the device.

This enables the malware to capture sensitive information such as login credentials and transmit them to the C2 server.

The malware also scans and reports all installed applications on the device, further compromising user privacy.
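On a device suspected of carrying this malware, the two facts a responder needs are whether either reported package is installed and whether an unvetted app holds an enabled Accessibility Service. The script below is an added example, not code from K7 Security Labs or the article: it parses constructed output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3` and reports both conditions. The service class name for the malicious package and the allowlist of trusted accessibility services are assumptions for illustration.

```python
# Constructed output of `adb shell settings get secure enabled_accessibility_services`.
# Entries are colon-separated package/service pairs. The service class for the
# malicious package is invented; the package names come from the K7 report.
ENABLED_A11Y = (
    "com.vgsupervision_kit29/com.vgsupervision_kit29.MainService:"
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService"
)

# Constructed output of `adb shell pm list packages -3` (third-party apps only).
THIRD_PARTY_PACKAGES = """\
package:com.hello.world
package:com.vgsupervision_kit29
package:com.android.talkback
package:com.example.notes
"""

# Package names reported by K7 Security Labs for this campaign.
KNOWN_BAD_PACKAGES = {"com.hello.world", "com.vgsupervision_kit29"}

# Accessibility services the organisation has vetted (assumed allowlist).
A11Y_ALLOWLIST = {"com.android.talkback"}


def parse_enabled_accessibility(value):
    """Split the setting into (package, service) tuples; 'null' means none enabled."""
    value = (value or "").strip()
    if not value or value == "null":
        return []
    entries = []
    for item in value.split(":"):
        pkg, _, svc = item.partition("/")
        entries.append((pkg, svc))
    return entries


def parse_pm_list(text):
    """Return package names from `pm list packages` output."""
    return [line.split(":", 1)[1].strip()
            for line in text.splitlines() if line.startswith("package:")]


def audit_device(a11y_value, pm_text):
    """Return findings for known-bad packages and unvetted accessibility services."""
    findings = []
    installed = set(parse_pm_list(pm_text))
    for pkg in sorted(installed & KNOWN_BAD_PACKAGES):
        findings.append(f"installed: {pkg} is a known indicator for this campaign")
    for pkg, svc in parse_enabled_accessibility(a11y_value):
        if pkg not in A11Y_ALLOWLIST:
            findings.append(f"accessibility: {pkg}/{svc} is enabled and not on the allowlist")
    return findings


if __name__ == "__main__":
    for finding in audit_device(ENABLED_A11Y, THIRD_PARTY_PACKAGES):
        print("[!]", finding)
```

An enabled accessibility service outside the allowlist is the higher-priority finding: it is the capability the article says lets the malware read credentials, and it persists even if the visible app icon is removed, so it should be disabled before the packages are uninstalled.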

Mitigation and Prevention

To protect against such threats, users are advised to exercise caution when downloading apps, sticking to reputable platforms like Google Play and the App Store.

Regularly scanning devices with updated security software, such as K7 Mobile Security, is crucial.

Additionally, keeping devices patched for known vulnerabilities can help prevent exploitation by malicious actors.

Users should be vigilant about suspicious updates and permissions requests from unfamiliar apps to avoid falling prey to these sophisticated threats.

Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
