‘BrowserVenom’ Windows Malware Preys on Users Looking to Run DeepSeek AI

It’s possible to run some of today’s AI chatbots locally on your PC. Just be careful: A newly discovered strain of Windows malware is exploiting interest in DeepSeek’s AI models to infect victim computers. The attack delivers the “BrowserVenom” malware, which can secretly spy on and manipulate a user’s internet traffic, according to the antivirus provider Kaspersky. 

Hackers spread the attack through Google ads that appeared in search results for “deep seek r1,” a reference to DeepSeek’s latest AI models, which are available online. The problem is that newbies to generative AI may not be aware of the official domains hosting the R1 model.

The phishing site (Credit: Kaspersky)

Clicking on the Google ads redirected users to a fake DeepSeek domain at “https[:]//deepseek-platform[.]com,” which presented a button to download the R1 model. The goal was to dupe the user into downloading a malicious file called “AI_Launcher_1.21.exe.” 

“We examined the source code of both the phishing and distribution websites and discovered comments in Russian related to the websites’ functionality, which suggests that they are developed by Russian-speaking threat actors,” Kaspersky says. 

Running the program (Credit: Kaspersky)

Running the malicious .exe file presented a fake screen to install R1. But in the background, the program delivered the BrowserVenom malware, which reconfigured a PC’s browsers to route traffic through a proxy server controlled by the hackers. “This enables them to sniff sensitive data and monitor the victim’s browsing activity while decrypting their traffic,” Kaspersky says. 
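For defenders who want to check a machine for this kind of forced browser proxy, here is an added example; it is not code from this article or from Kaspersky. The article does not say which settings the malware changes, so the sketch assumes two common places a browser proxy can be pinned, Firefox's `prefs.js` and proxy switches on a Chromium shortcut's command line, and the function names and sample inputs are constructed for illustration.

```python
import re

# Firefox stores per-profile proxy settings in prefs.js under network.proxy.*
PREF_RE = re.compile(r'user_pref\("(network\.proxy\.[\w.]+)",\s*(.+?)\);')
# Chromium-based browsers accept these switches on the launch command line.
FLAG_RE = re.compile(r'--(proxy-server|proxy-pac-url)=("[^"]*"|\S+)')

def audit_firefox_prefs(text, allowed=frozenset()):
    """Return (setting, endpoint) pairs for proxies forced in a prefs.js body."""
    prefs = {k: v.strip().strip('"') for k, v in PREF_RE.findall(text)}
    mode = prefs.get("network.proxy.type", "5")  # 5 = follow system settings
    found = []
    if mode == "1":  # manual proxy configuration
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            if host:
                port = prefs.get(f"network.proxy.{scheme}_port", "?")
                found.append((f"firefox:{scheme}", f"{host}:{port}"))
    elif mode == "2":  # proxy auto-config (PAC) URL
        url = prefs.get("network.proxy.autoconfig_url")
        if url:
            found.append(("firefox:pac", url))
    # Endpoints the organisation knowingly uses are passed in via `allowed`.
    return [f for f in found if f[1] not in allowed]

def audit_launch_command(cmdline, allowed=frozenset()):
    """Return (switch, endpoint) pairs for proxy switches in a shortcut target."""
    hits = [(f"chromium:{name}", val.strip('"'))
            for name, val in FLAG_RE.findall(cmdline)]
    return [h for h in hits if h[1] not in allowed]

# Constructed sample inputs (203.0.113.0/24 is a documentation address range).
SAMPLE_PREFS = '''
user_pref("browser.startup.page", 3);
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "203.0.113.10");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "203.0.113.10");
user_pref("network.proxy.ssl_port", 8080);
'''
SAMPLE_SHORTCUT = r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --proxy-server="203.0.113.10:8080"'
CLEAN_SHORTCUT = r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'

if __name__ == "__main__":
    for finding in audit_firefox_prefs(SAMPLE_PREFS) + audit_launch_command(SAMPLE_SHORTCUT):
        print("unexpected proxy:", *finding)
```

A proxy host left in `prefs.js` while `network.proxy.type` is not 1 or 2 is inactive, so the audit reports only settings the browser would actually use.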

The good news is that the malicious domain behind the attack has been suspended. However, the malware, which can evade most antivirus software, did hit some users. Kaspersky has “detected multiple infections in Brazil, Cuba, Mexico, India, Nepal, South Africa, and Egypt.”

The report is a reminder to make sure you’re visiting an official domain or channel for an AI company before downloading anything. Running open-source AI programs, such as R1, on a PC also requires multiple steps; it’s not just a single conveniently designed Windows executable.


About Michael Kan

Senior Reporter
