DeepSeek: Malware and fraudsters exploit the hype, database open on the net
Criminals exploit the hype surrounding DeepSeek with crypto fraud and malware. The DeepSeek database with sensitive information was openly available online.
(Image: Created with AI in Bing Designer by heise online / dmk)
The hype surrounding the Chinese AI company DeepSeek is also attracting criminals. They are trying to defraud victims of their money with fake cryptocurrencies or to distribute malware via fake websites. DeepSeek, meanwhile, has let its own security slip: a database containing sensitive information was openly accessible online.
The IT security researchers at Wiz write in a blog post that the excitement surrounding the young AI star DeepSeek led them to search for security vulnerabilities, and they quickly found some. “Within minutes, we found a publicly accessible ClickHouse database connected to DeepSeek – completely open and without authentication, granting access to sensitive data. It was hosted at 'oauth2callback.deepseek.com:9000' and 'dev.deepseek.com:9000',” write the IT researchers.
DeepSeek: Sensitive data openly visible
The database contained a “significant volume of chat histories, backend data and sensitive information, including log streams, API secrets and operational details”. The Wiz researchers consider it critical that complete control of the database, and potential privilege escalation within the DeepSeek environment, were possible without any authentication or external defense mechanisms. After being notified by the researchers, DeepSeek secured the databases immediately.
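As an added defensive check (not code from the article or from Wiz), the following Python audit parses a ClickHouse users.xml and flags the settings that turn an instance into the kind of unauthenticated, internet-reachable database described above: an empty password, a network allow-list of ::/0, and access_management enabled. The two sample configurations, the placeholder password hash and the assumption that the server also listens on a public interface are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a ClickHouse users.xml in the risky shape: the
# "default" user has an empty <password> and is reachable from any network
# (::/0). Combined with a server listening on a public interface, this is
# an unauthenticated database on the native port 9000 / HTTP port 8123.
WEAK_USERS_XML = """<clickhouse><users><default>
  <password></password>
  <networks><ip>::/0</ip></networks>
  <access_management>1</access_management>
</default></users></clickhouse>"""

# Hardened variant (the hash value is a placeholder, not a real digest).
HARDENED_USERS_XML = """<clickhouse><users><default>
  <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
  <networks><ip>::1</ip><ip>127.0.0.1</ip><ip>10.0.0.0/8</ip></networks>
  <access_management>0</access_management>
</default></users></clickhouse>"""

ANY_NETWORK = {"::/0", "0.0.0.0/0"}
HASHED_PASSWORD_TAGS = ("password_sha256_hex", "password_double_sha1_hex")


def _text(elem):
    return (elem.text or "").strip() if elem is not None else ""


def audit_users_xml(xml_text):
    """Return (user, finding) pairs for settings that expose the server."""
    findings = []
    users = ET.fromstring(xml_text).find("users")
    for user in (list(users) if users is not None else []):
        name = user.tag
        has_hash = any(user.find(t) is not None for t in HASHED_PASSWORD_TAGS)
        # An empty or missing <password> with no hashed alternative means
        # the user logs in without any credential at all.
        if not has_hash and not _text(user.find("password")):
            findings.append((name, "no password set"))
        for ip in user.iter("ip"):
            if _text(ip) in ANY_NETWORK:
                findings.append((name, "reachable from any network"))
        if _text(user.find("access_management")) == "1":
            findings.append((name, "access_management enabled (can create users/grant rights)"))
    return findings


def is_exposed(xml_text):
    """True when some user has no password AND is allowed from any network."""
    found = audit_users_xml(xml_text)
    no_pw = {u for u, f in found if f == "no password set"}
    any_net = {u for u, f in found if f.startswith("reachable")}
    return bool(no_pw & any_net)
```

Run the audit against the server's users.xml (or the merged users.d/ fragments) as part of deployment checks; a non-empty result for a host with a public listen_host is the condition Wiz found.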
Meanwhile, criminals are also jumping on the DeepSeek bandwagon and want to capitalize on it illegally. On X, BSCN reports that fraudsters are setting up fake DeepSeek cryptocurrencies and causing massive financial damage.
According to the report, a Solana-based token misusing the name DeepSeek reached a market capitalization of around USD 49 million on Monday of this week. The trading volume even amounted to 150 million US dollars, which BSCN was able to ascertain from data from the Solana token aggregator Birdeye. After the heated run-up, the total value then fell to just 4 million US dollars on Tuesday. Another fake DeepSeek token briefly reached a market capitalization of USD 13 million with a trading volume of USD 28.5 million; this also plummeted to a total value of USD 2 million.
DeepSeek has clarified on its official X account @deepseek_ai that the company has nothing to do with this. “DeepSeek has not issued any cryptocurrencies. Moreover, there is only one official account on the Twitter platform. We do not contact anyone through other accounts. Please remain vigilant and be wary of potential scams,” writes DeepSeek.
The warning should certainly be taken seriously. Although DeepSeek calls itself “DeepSeek AI”, the official company domain is deepseek.com. Somewhat naively, DeepSeek has apparently slipped up not only on database security but also on defensively registering its name under other top-level domains and as typo domains. Here, too, criminals have seized the opportunity and registered “deepseek” under the TLDs .ai, .org, .app, .top and .cyou, as well as domains such as deepseekai.com and deepseekagent[.]com, as the user with the handle @AlvieriD reported on X.
Some of these domains host fake, cloned DeepSeek websites, which can be used to distribute malware, for example.
This week, DeepSeek was also the victim of cyberattacks that impaired the availability and performance of its services. Registration of new accounts should now work again, however, as the company has implemented several countermeasures.
(dmk)