National Computer Virus Emergency Response Center Warning: Risk of Trojans Counterfeiting the "DeepSeek" App
2025-05-02 Source: CCTV.com

CCTV.com News: According to the National Computer Virus Emergency Response Center, the Center and the National Engineering Laboratory of Computer Virus Prevention and Control Technology have recently captured, through the National Computer Virus Collaborative Analysis Platform, an Android mobile Trojan in China that counterfeits the official DeepSeek app.

Once the user launches the counterfeit app, it displays a prompt saying that an "application update" is needed and induces the user to click the "Update" button. After the user clicks, the app prompts the user to install a so-called "new version" of the DeepSeek application, which is actually a sub-installation package containing malicious code, and induces the user to grant it permission to run in the background and to use accessibility services.

At the same time, the malicious app includes functions that infringe on citizens' personal privacy, such as blocking the user's text messages, stealing the address book and stealing the list of installed mobile applications, and it prevents users from uninstalling it. Analysis shows that this malicious app is a new variant of a financial-theft Trojan. Cybercriminals are likely to use the malicious app for telecommunications and network fraud, inducing users to install mobile Trojans that counterfeit DeepSeek from unofficial channels, which poses a major threat to users' personal privacy and economic interests.

Since January 2025, the DeepSeek large artificial intelligence model released by Hangzhou In-depth Qiusuo Artificial Intelligence Basic Technology Research Co., Ltd. in China has attracted widespread attention at home and abroad, and its official app ranks among the top in mobile application markets in many countries and regions around the world. This popularity has also been exploited by cybercriminals. The counterfeit DeepSeek mobile Trojan discovered this time was created in simplified Chinese and is obviously aimed at Chinese users. Cybercriminals are likely to use the malicious app for telecommunications and network fraud, inducing users to install mobile Trojans that counterfeit DeepSeek from unofficial channels, thus posing a major threat to users' personal privacy and economic interests.

In addition to "DeepSeek.apk", which counterfeits the DeepSeek Android client, the National Computer Virus Collaborative Analysis Platform also found multiple virus sample files named "DeepSeek.exe", "DeepSeek.msi" and "DeepSeek.dmg". Since DeepSeek has not yet launched official client programs for the Windows and macOS platforms, these files are all counterfeit programs. It can be seen that cybercriminals have adopted counterfeiting DeepSeek as a new way to spread Trojan programs. Trojans that counterfeit various artificial intelligence applications, including DeepSeek, are expected to continue to increase in the coming period.

The National Computer Virus Emergency Response Center has issued the following precautions:

Do not download the app from links or QR codes spread through unofficial channels such as text messages, social media software, network disks, etc.; download and install the app only through the official DeepSeek website or a legitimate mobile application store.

Keep the phone's pre-installed security protection function or third-party mobile security software turned on at all times, and keep the phone's operating system and security software updated to the latest version.

When using the phone, be cautious with app installation requests that were not initiated by the user. If an app requests device manager, background operation or accessibility permissions during installation, reject the requests.

If an app cannot be uninstalled normally after installation, immediately back up important data on the phone such as the address book, text messages, photos, chat records and document files, and have the phone security-checked and restored under the guidance of the phone manufacturer's after-sales service staff or professionals. At the same time, pay close attention to whether your social media and financial software show abnormal login or operation records, and whether relatives and friends have received abnormal messages sent from your mobile phone number or social media accounts. If any of these situations occur, contact the relevant software suppliers and your relatives and friends promptly to explain the situation.

Beware of telecommunications and network fraud tactics that exploit popular apps, such as "Due to abnormal service of XXX software official website, please download the official application through the following link" or "Because XXX software is updated to the latest version, users need to re-grant the background operation and accessibility permissions", to avoid being induced by cybercriminals.

For suspicious files that have already been downloaded, you can upload them to the National Computer Virus Collaborative Analysis Platform for testing.
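The permission checks in the precautions can also be run against a suspicious APK before it is installed. The following triage sketch is an added example, not code from the Center or its analysis platform: it assumes the APK's AndroidManifest.xml has already been decoded to text XML, maps the behaviours named in the advisory to standard Android permission names (the mapping and the sample manifest are constructed for illustration), and reports which of them the manifest makes possible.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Advisory behaviour -> <uses-permission> entries that enable it (assumed mapping)
REQUESTED = {
    "android.permission.RECEIVE_SMS": "text messages",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.QUERY_ALL_PACKAGES": "installed-app list",
    "android.permission.REQUEST_INSTALL_PACKAGES": "installs sub-package",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "background operation",
}
# Permissions that guard a declared <service> or <receiver>
BOUND = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "device administrator",
}
# The three requests the advisory says to reject
REJECT = {"accessibility service", "device administrator", "background operation"}

def triage_manifest(xml_text):
    """Return the advisory behaviours a decoded manifest makes possible."""
    root = ET.fromstring(xml_text)
    found = {REQUESTED.get(el.get(NS + "name")) for el in root.iter("uses-permission")}
    for tag in ("service", "receiver"):
        found |= {BOUND.get(el.get(NS + "permission")) for el in root.iter(tag)}
    found.discard(None)  # entries that match nothing in the tables
    return sorted(found)

def red_flags(findings):
    """Subset of findings that matches the advisory's reject list."""
    return sorted(REJECT & set(findings))

# Constructed sample manifest, not taken from any real APK
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE), red_flags(triage_manifest(SAMPLE)))
```

A match is a reason for closer inspection rather than a verdict, since legitimate apps also request some of these permissions.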
