macOS users targeted in new cyberattacks by “Fake DeepSeek Campaign” to spread Poseidon Stealer malware

A new cyberattack campaign, dubbed the "Fake DeepSeek Campaign," is targeting macOS users by exploiting the popularity of DeepSeek, a Chinese-developed AI chatbot. Threat actors are distributing the Poseidon Stealer malware through fake applications, phishing links and compromised websites to exfiltrate sensitive user data.

Researchers found that the campaign relies on trojanized applications that communicate with a command-and-control (C2) server. The malware establishes persistence by modifying macOS system files and abuses legitimate processes to evade detection. Indicators of compromise (IoCs) include suspicious plist files, unauthorized binaries with elevated privileges, and network traffic to the C2 server.

The rise of DeepSeek has fueled a surge in cyberthreats, with attackers launching phishing scams, malware campaigns and fake investment schemes exploiting its popularity. Cybercriminals create fraudulent websites mimicking DeepSeek to steal cryptocurrency wallets, distribute malware and deceive investors with fake pre-IPO offers.