
Hackers impersonate the newly launched DeepSeek V4 to distribute malware


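Microsoft's threat intelligence team warned on the professional networking site LinkedIn that, within hours of the DeepSeek V4 launch, it saw someone set up a GitHub repository under the model's name, which led users to download the Vidar infostealer and the malicious proxy server program GhostSocks. In response, GitHub has shut down the malicious repository and blocked the malicious account to prevent further harm.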

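The campaign used the DeepSeek name as a lure; DeepSeek's code and accounts were not compromised. Microsoft stressed that DeepSeek released DeepSeek V4 through its API and Hugging Face and did not create a GitHub repository. If users ran a web search with the keywords "DeepSeek v4 weights GitHub", the malicious repository and its forks often ranked ahead of the genuine DeepSeek V4. To evade detection, the attackers rotated the malware payload three times in three days.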


On April 24, 2026, within hours of the DeepSeek V4 launch, attackers had created a fake GitHub repository spoofing DeepSeek V4 to deliver malware. Within four hours, victims were downloading malware associated with Vidar infostealer and GhostSocks proxy malware. GitHub promptly took down the malicious repository, organization, and user account to prevent further harm. The activity relied on impersonation tactics to appear legitimate. The repository copied public benchmark data from the official release, used search-optimized naming and tags, and copied official branding. The attackers structured the fake repository to be discoverable for search queries related to DeepSeek V4. This was a campaign that used DeepSeek’s name as a lure, not a compromise of legitimate DeepSeek code or accounts. Upon further investigation, this is not unique to DeepSeek V4; we have identified multiple malware campaigns masquerading as trending AI solutions. DeepSeek V4 launched via API and had a Hugging Fa

www.linkedin.com