Close Menu
  • Home
  • Cyber security
  • Mobile security
  • Computer Security
  • Cyber news
  • Malware
  • About us
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram
Cyber infos
Subscribe
  • Home
  • Cyber security
  • Mobile security
  • Computer Security
  • Cyber news
  • Malware
  • About us
Cyber infos
Home » Warning: Fake DeepSeek Android App Spreads Malware — Here’s How to Stay Safe
Cyber news

Warning: Fake DeepSeek Android App Spreads Malware — Here’s How to Stay Safe

Cyber infosBy Cyber infosMarch 17, 2025Updated:March 17, 2025No Comments4 Mins Read
Share Facebook Twitter LinkedIn Email WhatsApp Copy Link
Follow Us
Google News Flipboard Threads
Warning: Fake DeepSeek Android App Spreads Malware — Here's How to Stay Safe
Share
Facebook Twitter LinkedIn Email WhatsApp Copy Link

In an alarming new development, a sophisticated Android banking trojan dubbed OctoV2 has emerged, posing as the popular DeepSeek AI application. This malware campaign employs cunning tactics to deceive users, ultimately stealing their login credentials and other sensitive information. With DeepSeek rapidly gaining popularity, cybercriminals are capitalizing on its trusted name to spread malicious software.

Table of Contents hide
1 The Rise of DeepSeek and Its Popularity
2 How the Malware Campaign Unfolds
3 Dual Malware Instances
4 Advanced Evasion Techniques
5 How OctoV2 Operates
6 How Users Can Protect Themselves
7 Final thoughts

The Rise of DeepSeek and Its Popularity

DeepSeek, an advanced AI chatbot developed by a Chinese startup based in Hangzhou, quickly gained traction after its release in January 2025. With versions available on both iOS and Android, DeepSeek’s intuitive design and impressive capabilities have attracted a growing user base. Unfortunately, this popularity has also made it a prime target for cybercriminals looking to exploit user trust.

How the Malware Campaign Unfolds

Researchers from K7 Security Labs discovered the OctoV2 malware following a suspicious Twitter post about a fake DeepSeek Android application. Their investigation led them to a phishing website designed to mimic DeepSeek’s official platform. The fraudulent site ( hxxps://deepsekk[.]sbs) hosts a malicious APK file, which unsuspecting users download and install.

The Deceptive Installation Process

Once installed, the malicious app displays an icon identical to the legitimate DeepSeek app, making it incredibly difficult for users to spot the threat. The app further manipulates users by presenting an “update” screen that prompts them to enable the “Allow from this source” option — a common Android security setting used to bypass default restrictions.

Dual Malware Instances

The infection process results in two instances of the DeepSeek malware being installed on the victim’s device:

  • Primary Package: com.hello.world — Acts as the parent app.
  • Secondary Package: com.vgsupervision_kit29 — Installed as the child app.

Both packages are designed to operate discreetly, making detection and removal difficult.

Advanced Evasion Techniques

OctoV2 employs multiple techniques to avoid detection:

  • Password-Protected Code: Both the parent and child applications are encrypted with passwords, preventing common analysis tools like APKTool and Jadx from decompiling them easily.
  • Hidden Payload Extraction: The parent app extracts a concealed “.cat” file from its assets folder and installs it as the child package, named Verify.apk.

How OctoV2 Operates

Once installed, the child app aggressively seeks Accessibility Service permissions — a powerful Android feature that allows enhanced control over the device. By gaining these permissions, the malware can:

  1. Perform actions on behalf of the user.
  2. Capture keystrokes to steal login credentials.
  3. Modify on-screen elements to bypass security measures.

Command and Control (C2) Mechanism

The malware leverages a sophisticated Domain Generation Algorithm (DGA) to establish communication with its command and control (C2) servers. This allows attackers to dynamically change server addresses, making it harder for security analysts to block malicious traffic.

Warning: Fake DeepSeek Android App Spreads Malware — Here's How to Stay Safe
DGA (Source – K7 Security Labs)

The malware stores crucial bot commands and server details in the following file: /data/data/com.vgsupervision_kit29/shared_prefs/main.xml.

How Users Can Protect Themselves

To stay safe from threats like OctoV2, users should take the following precautions:

  • Download Apps Only from Trusted Sources: Stick to official app stores like Google Play to minimize risks.
  • Verify Application Details: Pay attention to developer names, reviews, and download counts before installing any app.
  • Avoid Clicking Suspicious Links: Phishing campaigns often rely on social media links, emails, or direct messages to lure victims.
  • Keep Your Device Updated: Regular security patches help protect devices from known vulnerabilities.
  • Use a Reputable Security Solution: Antivirus apps can detect and block malicious applications before they cause harm.

Final thoughts

The emergence of OctoV2 posing as DeepSeek is a stark reminder that even trusted names in technology can be exploited by cybercriminals. Staying vigilant and adopting safe browsing habits is crucial to safeguarding your personal data. By sticking to trusted sources, verifying app details, and maintaining up-to-date security solutions, users can better protect themselves from such threats.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Cyber infos
  • Website

Related Posts

Cyber news 4 Mins Read

Inside the ICC Cyber Attack: How Hackers Targeted Global Justice in 2025

July 3, 2025
Cyber news 3 Mins Read

Windows Defender Antivirus Bypassed: The Rising Threat of Direct Syscalls & XOR Encryption

April 12, 2025
Cyber news 4 Mins Read

Google Firebase Studio: The AI-Powered Dev Platform That Might Just Change Everything

April 10, 2025
Cyber news 3 Mins Read

AI-Powered Red Team Tactics: How Hackers Use AI & How to Defend Against It

March 31, 2025
Cyber news 4 Mins Read

Google Chrome Zero-Day Vulnerability Exploited: What You Need to Know

March 27, 2025
Cyber news 5 Mins Read

Beware of Fake Meta Emails: Phishing Campaign Targeting Ad Accounts

March 24, 2025
Add A Comment
Leave A Reply Cancel Reply

Search
Recent post
  • Esse Health Data Breach: What Really Happened in 2025
  • Inside the ICC Cyber Attack: How Hackers Targeted Global Justice in 2025
  • Microsoft Ends Password Management in Authenticator App – What to Do
  • 10 Best Free Malware Analysis Tools–2025
  • Windows Defender Antivirus Bypassed: The Rising Threat of Direct Syscalls & XOR Encryption
  • Google Firebase Studio: The AI-Powered Dev Platform That Might Just Change Everything
Archives
Pages
  • About us
  • Contact us
  • Disclaimer
  • Privacy policy
  • Sitemaps
  • Terms and conditions
Facebook X (Twitter) Instagram Pinterest
  • About us
  • Contact us
  • Sitemaps
© 2025 Cyber infos - All Rights Reserved

Type above and press Enter to search. Press Esc to cancel.