Phishing Alert: Beware of Cloned Websites of DeepSeek R1 AI Model

Summarize with:

ChatGPT Claude.ai Google AI Grok Perplexity

Add as preferred source on Google

• China-made AI model DeepSeek R1 has been targeted by cybercriminals with cloned websites.
• A cybersecurity analyst found several phishing websites that could be used to scam users.
• One of the websites ends with an .org extension – /deepseek[.]org.

The latest AI model made in China, DeepSeek R1 has been cloned by threat actors. Cybersecurity researcher Dominic Alvieri listed names of the cloned copies. 

These are the duplicated versions of the DeepSeek R1, the famed AI model offered as open-source:

• /deepseek[.]ai
• /deepseek[.]org
• /deepseek[.]app
• /deepseek[.]top
• /deepseek[.]cyou
• /deepseek.website
• /deepseekai[.]com
• /deepseekagent[.]com

The presently unknown threat actors targeted the latest version DeepSeek R1 to which Alvieri exclaimed, “Companies spend tens of millions of dollars developing ideas but can’t spend @ $100 to secure their digital domain and help prevent employees and customers from getting phished.”

Deep Seek R1 has become a global phenomenon for its performance and giving a tough competition to ChatGPT. Among the first versions of DeepSeek was DeepSeek Coder, launched in 2023 and used for coding projects. 

Newer versions – including DeepSeek LLM and DeepSeek-V2, which were launched last year – took the large language model market to another level for its low cost. 

Cloning a website can lead to data exposure and financial loss if unsuspecting users input their details on them. 

Such phishing websites appear similar to a legitimate website and are often sent to targets as links in malicious emails, SMSes, and pop-ups. 

In a recent incident, MasterCard took a step in time to prevent abuse of its platform after a security consultancy found a typo in its domain name and notified the payment card company. 

If threat actors had understood about the domain name typo, they would have used the correctly spelled domain name and created fake websites to cheat users.

Related

Ex-Data Analyst Convicted in $2.5M Brightly Software Extortion Scheme

Perseus Malware Based on Phoenix and Cerberus Predecessors Initiates Android Device Takeovers, Targets Users’ Personal Notes

Handala Websites Seized by FBI After Stryker Cyberattack

Foster City Ransomware Attack Disrupts Non-Emergency Municipal Operations

4 Major Botnets Dismantled: Aisuru, KimWolf, JackSkid, Mossad

CISA Urges Organizations to Harden Endpoint Management Systems After Cyberattack Against US Medical Giant Stryker

Your Weekly Cybersecurity Briefing

Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.

Subscribe for Free

Please enter a valid email address.

Most Popular

Ex-Data Analyst Convicted in $2.5M Brightly Software Extortion Scheme

Perseus Malware Based on Phoenix and Cerberus Predecessors Initiates Android Device Takeovers, Targets Users’ Personal Notes

Handala Websites Seized by FBI After Stryker Cyberattack

Foster City Ransomware Attack Disrupts Non-Emergency Municipal Operations

4 Major Botnets Dismantled: Aisuru, KimWolf, JackSkid, Mossad

CISA Urges Organizations to Harden Endpoint Management Systems After Cyberattack Against US Medical Giant Stryker

Ex-Data Analyst Convicted in $2.5M Brightly Software Extortion Scheme

Perseus Malware Based on Phoenix and Cerberus Predecessors Initiates Android Device Takeovers, Targets Users’ Personal Notes

Handala Websites Seized by FBI After Stryker Cyberattack

Foster City Ransomware Attack Disrupts Non-Emergency Municipal Operations

4 Major Botnets Dismantled: Aisuru, KimWolf, JackSkid, Mossad

CISA Urges Organizations to Harden Endpoint Management Systems After Cyberattack Against US Medical Giant Stryker