Fake ads impersonating the Chinese generative AI company DeepSeek are appearing in Google search results and delivering information-stealing malware to unsuspecting users. The ads exploit the popularity of DeepSeek, which garnered significant attention earlier this year with the launch of its first-generation reasoning models, DeepSeek-R1-Zero and DeepSeek-R1.
Researchers at Malwarebytes identified the malicious advertisements in a blog post on March 26. They reported that while the ads may not initially appear convincing, the links redirecting to fraudulent DeepSeek sites are designed to deceive users effectively.
Upon clicking the download link on these malicious sites, users inadvertently deploy a Trojan called the Heracles MSIL. This infostealer primarily targets cryptocurrency wallets, with its origin believed to be tied to Russian cybercriminals. Malwarebytes’ senior director of research, Jérôme Segura, highlighted the nature of this threat during discussions about user security.
To help users identify such fraudulent ads, Arntz recommended examining links more closely and noted that the URLs in the fake DeepSeek ads differ from the legitimate domain. He also urged the public to refrain from clicking on sponsored search results altogether.
These incidents reflect ongoing security challenges associated with Google Ads. Previous reports from Malwarebytes have highlighted similar issues where fake ads have impersonated legitimate brands and even Google’s own products. Despite a significant ad safety initiative by Google, which reported blocking over 5.5 billion ads in 2023, Segura stated that the abuse of this platform by cybercriminals persists.
In response to concerns, a Google spokesperson confirmed that their systems had detected the malware campaign prior to the public disclosure and that they had suspended the offending advertiser’s account. Emphasizing their commitment to safety, the spokesperson stated, “We expressly prohibit ads that aim to distribute malware and immediately suspend advertisers who violate this policy.” This statement came amidst escalating concerns around the efficacy of Google’s ad safety measures.