Since the DeepSeek R-1 generative AI model was released earlier this year, it has captured significant attention for being a more efficient and affordable alternative to its competitors. But as the app has grown in popularity, so has the number of imposters; McAfee recently reported that DeepSeek scams are on the rise, enticing people to click on fake advertisements and websites, then infecting their devices with malware.
How the scams work
Online scammers often take advantage of trendy applications in order to plant malware on unsuspecting users’ devices and steal sensitive information. According to McAfee:
“Malware creators frequently exploit trending search terms through hashtags and SEO manipulation to boost visibility and climb search rankings. This tactic, known as SEO poisoning, helps drive traffic to malicious sites, increasing downloads or earning rewards through affiliate programs.”
With the DeepSeek app garnering around 30 million downloads worldwide and both “AI” and “DeepSeek” trending high in internet searches, scammers haven’t hesitated to take advantage. Many DeepSeek scams present themselves as Google Ads, enticing users to click on links that lead to copycat websites. According to SecurityWeek, over 2,500 look-alike pages were created between December 2024 and February 2025 alone.
Since going live, the DeepSeek website has been down several times due to high traffic. This is problematic, because when the legitimate site is down, users are more likely to click on copycat links that direct them to a site that loads. These links lead to various forms of malware, which are then inadvertently downloaded by users.
The diversity of DeepSeek scams
DeepSeek scams come in a variety of forms – here’s what internet users have encountered so far:
1. Malicious software downloads
Copycat URLs will often prompt visitors to install “DeepSeek software” – but instead of downloading the application, this download will connect the user to hostile servers, allowing hackers to obtain access to the user’s computer. The hackers can then flood the computer with a variety of malicious software, including keyloggers, which record the user’s every keystroke, allowing hackers to garner sensitive information, such as browsing data, passwords, and credit card information. Other malicious software that has been found at these fake sites includes cryptominers, which, according to McAfee, “[use] infected devices to mine cryptocurrency, draining resources, slowing performance, increasing energy costs, and often remaining difficult to detect or remove.”
2. Forced unrelated software installation
Copycat URLs can also lead to downloads of unrelated software that may or may not be malicious, but whose downloads provide revenue for the impersonators. According to McAfee:
“[C]ertain affiliates were able to spike their partner downloads and get a commission based on pay-per-install partner programs. Rogue affiliates use this tactic to generate revenue through forced installations of partner programs.”
3. Fake developer tool packages
According to SecurityWeek, cybercriminals also targeted developers in their DeepSeek scams, uploading two Python packages, “deepseeek” and “deepseekai”, to the Python Package Index, a “widely used repository for Python software.” The packages, when downloaded, allowed hackers to steal system data and user data.
4. Fake captcha pages
DeepSeek-impersonating URLs have also led users to fake captcha pages, which ask them to verify their identity. But according to McAfee, instead of working as captchas should, the pages prompt users to “[paste] secret commands into the Windows Run dialog, disabling antivirus programs and installing malware like Vidar Infostealer, which can swipe browser data and digital wallet credentials” or download malicious software that gives hackers access to their data.
Other users have also seen a rise in fake social media accounts, fake partnership programs for creators, fake smartphone apps, and fake bots, which try to convince them to put money into supposed “DeepSeek investments” and attempt to steal login information.
How to protect yourself
Wondering how to protect yourself against copycat scams? Here are a few tips from cyber experts:
1. Verify the authenticity of website URLs.
Many copycat pages have URLs that are suspiciously close to the originals. However, a closer inspection may find added letters or words that differentiate the copycat from the legitimate website. Always look closely before clicking.
2. When in doubt, don’t download.
When downloading new applications, be sure you trust the site you are downloading from. If you are downloading an app onto your phone, be sure to check app reviews for trustworthiness before installing, so that you don’t accidentally download malware onto your device.
3. Be aware of performance issues.
A slow-performing device could mean that malicious software is taking up computing power.
4. Consider installing security software.
Security software can help protect your information and prevent you from accessing insecure or dangerous websites.
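The look-alike check from tip 1, applied to both URLs and package names such as the two fake PyPI uploads named above, as an added example (not code from McAfee, SecurityWeek or this post). The allowlists and the `.example` hostnames are constructed assumptions; a name is flagged when it contains the brand or differs from it by one character.

```python
import re
from urllib.parse import urlsplit

BRAND = "deepseek"
MAX_EDITS = 1  # one added, dropped or swapped character still counts as a look-alike

# Assumptions: allowlists kept by the reader or their organization, not taken from the article.
TRUSTED_HOSTS = {"deepseek.com", "www.deepseek.com"}
APPROVED_PACKAGES = {"requests"}

def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def resembles_brand(name):
    """True if any dot/hyphen-separated part embeds the brand or nearly spells it."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", name.lower()) if t]
    return any(BRAND in t or edit_distance(t, BRAND) <= MAX_EDITS for t in tokens)

def classify(name, trusted):
    """Return 'trusted', 'lookalike' or 'unrelated' for a hostname or package name."""
    name = name.lower()
    if name in trusted:
        return "trusted"
    return "lookalike" if resembles_brand(name) else "unrelated"

def classify_url(url, trusted_hosts=TRUSTED_HOSTS):
    """Classify on the hostname only; the path and query can say anything."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return classify(host, trusted_hosts)

if __name__ == "__main__":
    # Constructed samples: the two package names come from the article, the hosts are made up.
    for pkg in ["requests", "deepseeek", "deepseekai", "numpy"]:
        print(f"package {pkg:12} -> {classify(pkg, APPROVED_PACKAGES)}")
    for url in ["https://www.deepseek.com/", "https://deepseek-download.example/setup",
                "deepseek.com.login.example", "https://example.org/"]:
        print(f"url {url:42} -> {classify_url(url)}")
```

A "lookalike" result is a prompt to stop and verify, not proof of malice; an exact allowlist match is the only thing treated as trusted.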
The post Beware: DeepSeek scams are on the rise appeared first on OPUSfidelis.