Security company: Beware of fake DeepSeek, over 2,000 phishing traps trick users into buying virtual assets

Odaily News According to the latest report from cybersecurity company Qi'anxin XLab, there are already 2,650 websites and phishing websites impersonating DeepSeek, and the number is still increasing rapidly. Users need to be highly vigilant. Impersonation websites use similar domain names and interfaces to mislead users, spread malware, steal personal information, or defraud subscription fees.
Qi'anxin XLab conducted a statistical analysis of domain name registrations from December 1, 2024 to February 3, 2025, and found that large-scale counterfeit DeepSeek domain name registration activities began on January 26, 2025 and peaked on January 28. Although the increase subsequently decreased, the number continued to increase.
These counterfeit domain names are mainly used for phishing fraud, domain name squatting, and traffic diversion. Phishing fraud mainly involves stealing user login credentials, misleading users with similar domain names and interfaces, and tricking users into buying virtual assets. In addition, 60% of these counterfeit domain names have resolved IP addresses in the United States, and the rest are mainly distributed in Singapore, Germany, Lithuania, Russia, and China, which means that potential security threats are more complex and diverse.
The scammers also launched various so-called "DeepSeek-powered" virtual coins (virtual currencies with no real value) with high-end functions, and even a website claiming that users can buy DeepSeek's internal original shares, which may cause users to suffer large financial losses. (Wenhui Daily)