Anshuman Das

Cybercriminals are exploiting DeepSeek’s rising popularity to launch ClickFix phishing campaigns, tricking users into clicking fake CAPTCHA links that steal credentials and install malware like Vidar and Lumma Stealer. These attacks impersonate DeepSeek’s branding to appear legitimate, bypass security measures, and infect unsuspecting victims. CloudSEK’s Threat Research Team has uncovered a malicious domain distributing malware via deceptive verification buttons. Learn how to spot these scams, secure your accounts with MFA, and avoid becoming the next victim! Stay informed and shield your data NOW before it’s too late! 🔥

CloudSEK's research uncovers a generic phishing framework capable of targeting multiple brands by leveraging customizable URLs to impersonate legitimate login pages. Hosted on Cloudflare's workers.dev, these phishing pages dynamically adapt by using targeted email domains to generate realistic backgrounds, deceiving users into surrendering credentials. The stolen data is exfiltrated to a remote server via obfuscated JavaScript. Organizations must enhance awareness through training, simulate phishing scenarios, and establish clear reporting protocols to mitigate risks and protect against evolving phishing threats.