Kaspersky has found multiple infections in Brazil, Cuba, Mexico, India, Nepal, South Africa and Egypt.
Use verification code as throw
In order to increase its operation and reduce the legitimacy of user suspicion, the attacker embeds fake verification code twice in the attack chain. When the user clicks the “Try Now” button on the malicious DeepSeek download site, the first appears, triggering a decoy verification code that mimics the standard verification.
Interestingly, the verification code does verify whether the user is a human. “Clicking this button will bring the user into the verification code inverse machine screen,” the researchers noted. “The code for this screen is obfuscated as JavaScript, which performs a series of checks to make sure the user is not a robot.”
