The National Computer Virus Emergency Response Center (NCVERC) Issues Security Alert Regarding DeepSeek Android Trojan Horse Malware

The NCVERC, in collaboration with the National Engineering Laboratory for Computer Virus Prevention and Control, and with the assistance of the National Computer Virus Collaborative Analysis Platform, has recently discovered and captured an Android-based mobile Trojan horse virus targeting Chinese users. This virus disguises itself as the official application of the Chinese-developed AI large language model, "DeepSeek," aiming to steal users' personal information and conduct financial fraud.

The malware spreads by inducing users to update the application. Once a user clicks the "Update" button within the counterfeit app, they download and install a sub-package containing malicious code. This package requests numerous permissions, including background running and accessibility services. These permissions grant the malware access to users' text messages, contact lists, application lists, and other sensitive information, seriously infringing on citizens' personal privacy. Furthermore, the malicious program prevents users from uninstalling it, making removal more difficult.
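As an added example (not part of the NCVERC alert or of any NCVERC tooling), the permission pattern described above can be checked in a suspicious APK's manifest before it is installed. The sketch assumes the manifest has already been decoded to text XML (for example with apktool); the sample manifest and its package name are constructed, and the permission lists are an assumed mapping of the alert's behaviours onto standard Android permission names.

```python
import xml.etree.ElementTree as ET  # for untrusted files, defusedxml is the safer parser

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping of the behaviours in the alert onto standard Android permissions.
RISKY_USES = {
    "android.permission.READ_SMS": "reads text messages",
    "android.permission.RECEIVE_SMS": "intercepts incoming text messages",
    "android.permission.READ_CONTACTS": "reads the contact list",
    "android.permission.QUERY_ALL_PACKAGES": "lists installed applications",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install a further package",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "asks for unrestricted background running",
}
# Declared on <service>/<receiver> components rather than in <uses-permission>.
RISKY_COMPONENTS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "declares an accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "declares a device administrator",
}

def triage_manifest(manifest_xml):
    """Return (permission, reason) pairs for every sensitive request, in document order."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID + "name")
        if name in RISKY_USES:
            findings.append((name, RISKY_USES[name]))
    for node in root.iter():
        if node.tag in ("service", "receiver"):
            perm = node.get(ANDROID + "permission")
            if perm in RISKY_COMPONENTS:
                findings.append((perm, RISKY_COMPONENTS[perm]))
    return findings

# Constructed sample manifest (not taken from the real malware sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for perm, reason in triage_manifest(SAMPLE_MANIFEST):
        print(f"{perm}: {reason}")
```

A chat client that combines SMS and contact access, package installation and an accessibility service has no functional need for that set, which is the signal worth escalating.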

The NCVERC's website indicates that this malicious app is a new variant of a financial theft-type mobile Trojan horse virus. Its interface uses simplified Chinese, clearly targeting Chinese users. Cybercriminals are likely using this malware to commit telecom network fraud, inducing users to install the virus from unofficial channels to steal personal financial information and privacy, resulting in significant economic losses and risks of personal information leakage.

Besides the "DeepSeek.apk" file mimicking the DeepSeek Android client, the National Computer Virus Collaborative Analysis Platform has also discovered several other virus sample files, including "DeepSeek.exe," "DeepSeek.msi," and "DeepSeek.dmg." As DeepSeek has not yet released official clients for Windows and macOS, these files are all malicious imitations, further highlighting the cunning tactics and escalating fraud strategies of cybercriminals.

The NCVERC believes that mimicking popular AI applications has become a new method for cybercriminals to spread Trojan malware. It expects the number of malicious applications imitating DeepSeek and similar AI apps to keep increasing in the near future. Users need to be vigilant and strengthen their preventative awareness.

To ensure users' network and personal information security, the NCVERC has issued the following security recommendations:

1. Download applications from legitimate channels: Strictly avoid downloading applications from unofficial channels such as text messages, social media, or online storage services. Users should only download and install apps from the official DeepSeek website or legitimate app stores. Do not trust links or QR codes from unknown sources to avoid falling into the trap of cybercriminals.

2. Keep security software updated: Keep your phone's pre-installed security protection features or third-party mobile security software enabled and updated to the latest version. The latest versions usually contain the latest virus databases and security patches, effectively intercepting and eliminating malware.

3. Carefully handle permission requests: Be cautious about any app installation requests not initiated by the user. If any application requests access to device management, background running permissions, accessibility functions, or other sensitive permissions during installation, immediately refuse the request and delete the application. Unnecessary permissions provide opportunities for malware.

4. Properly handle applications that cannot be uninstalled: If you encounter an application that cannot be uninstalled after installation, immediately back up important data on your phone, including contacts, text messages, photos, chat logs, and documents. Then, seek assistance from your phone manufacturer's after-sales service personnel or professionals for security checks and recovery. Do not attempt to delete it yourself, to avoid data loss or system damage.

5. Closely monitor account anomalies: Closely monitor login information and transaction records for personal social media and financial accounts, promptly identifying and addressing any anomalies. If you detect unusual logins or transactions, immediately change your password and contact the relevant software provider. Also, check if friends and family have received unusual messages from your phone number or social media account and inform them immediately.

6. Be wary of phishing tactics: Be vigilant against telecom network fraud tactics targeting popular apps. For example, phrases like "Due to an anomaly on the official XXX software website, please download the official application through the following link" or "The XXX software has been updated to the latest version, and users need to re-grant background running and accessibility permissions" are common phishing tactics. Do not trust such information; verify it through official channels.

7. Virus detection: For downloaded suspicious files, users can upload them to the National Computer Virus Collaborative Analysis Platform for detection to confirm whether they contain malicious code.

The NCVERC's timely warnings and security recommendations are crucial for raising public awareness of network security and preventing and combating cybercrime. We urge all users to be vigilant, strengthen their self-protection awareness, and work together to maintain a healthy online environment. Only by remaining vigilant can we effectively avoid becoming victims of cybercrime.

