
Hackers Use Fake DeepSeek TUI GitHub Repositories to Deliver Malware

Hackers are once again targeting developers and AI enthusiasts by impersonating popular open-source tools on GitHub. This time, the target is DeepSeek TUI, a legitimate terminal-based intelligent agent that allows users to interact with DeepSeek large language models directly from the command line.

With the recent release of DeepSeek v4 and a widely shared post by developer Hunter Bown generating buzz across Chinese-language tech communities, the project quickly became a high-value spoofing target for threat actors looking to capitalize on trending AI software.

The attack follows a pattern that has grown increasingly common in the developer community. Cybercriminals create convincing fake repositories on GitHub that closely mimic the look and layout of a genuine project.

Unsuspecting users who land on these pages are tricked into downloading what appears to be a legitimate tool. In this case, the malware was hidden inside a 7z compressed archive file sitting on the Releases page of the fraudulent repository, making it look like a standard software download.

Researchers at QiAnXin Threat Intelligence Center were the first to identify this campaign in detail. They noted that the malware’s features are nearly identical to those of a previously disclosed spoofing attack known as OpenClaw, which QiAnXin exposed in March 2026. The same malicious domain names used in that earlier campaign also appear in this one, indicating that the same threat actor is still active and continuing to evolve its tooling.

What makes this campaign particularly concerning is the sheer number of fake AI-themed installer names tied to the same attack infrastructure. Alongside DeepSeek TUI, researchers found counterfeit files posing as tools named after Claude, Grok, WormGPT, KawaiiGPT, fraudGPT, and several others.

Fake DeepSeek TUI Repository Used as Malware Delivery Point

Based on a shared PDB path containing “ClawCode.pdb” embedded in the samples, all of these malicious executables belong to the same Rust-written malware family, suggesting a single coordinated threat actor that keeps rotating its spoofing targets.

The primary malware file identified in this campaign is named DeepSeek-TUI_x64.exe, with an MD5 hash of b96c0d609c1b7e74f8cb1442bf0b5418 and a compilation timestamp of April 29, 2026. Before executing any malicious behavior, it runs an extensive environment check to determine whether it is running inside a sandbox.

If it detects signs of a virtual machine, known analysis tools, or suspicious system characteristics, it displays the message “Sorry, your system does not meet the minimum requirements” and quietly exits.

Once the malware confirms it is running on a real user machine, it proceeds to disable key Windows Defender protections using an XOR-encrypted PowerShell script.

It adds six folder exclusions, disables cloud-based reporting, turns off behavior monitoring, and opens three inbound firewall ports: 57001, 57002, and 56001. The string decryption key used in the sample is “xnasff3wcedj,” and the malware reaches out to Pastebin and snippet.host links to fetch Azure-hosted second-stage payloads.

The downloaded second-stage components each serve a specific role in maintaining the attacker’s access. OneSync.exe and WinHealhCare.exe handle installation and scheduled task setup while reporting back via Telegram.

The component onedrive_sync.exe ensures persistence through the Windows Run registry key. Meanwhile, svc_service.exe acts as the resident core, using NT syscalls for thread injection and loading .NET assemblies entirely in memory to avoid detection.

Multi-Stage Persistence and Anti-Sandbox Evasion

The campaign’s use of multiple persistence mechanisms makes it especially difficult to remove once a system is compromised. The malware can survive through scheduled tasks, registry Run keys, Winlogon hooks, and startup shortcuts.

The second-stage loader autodate.exe masquerades as a service manager while quietly injecting payloads into memory. The C2 domains used are mikolirentryifosttry.info and zkevopenanu.cfd.

Developers and security teams are strongly advised to verify the authenticity of any GitHub repository before downloading files, especially for AI-related tools that have gained sudden public attention.

Always check account age, commit history, and the number of genuine contributors before trusting a release. Endpoint detection tools that monitor memory injection techniques and unusual PowerShell activity can also help flag this type of threat early.
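The following PowerShell script is an added example, not from the article or from QiAnXin’s report: it audits a Windows host for the specific tampering the article attributes to the first stage (Defender exclusions, disabled cloud reporting and behavior monitoring, inbound rules for ports 57001, 57002 and 56001) and for Run-key and scheduled-task persistence that references the named second-stage components. The port numbers and component file names come from the article; the checks themselves and the output format are this script’s own choices.

```powershell
# Added example: audit one host for the Defender tampering, firewall changes and
# persistence described in the article. Run from an elevated PowerShell session.
$ports      = 57001, 57002, 56001                       # from the article
$stageNames = 'OneSync.exe','WinHealhCare.exe','onedrive_sync.exe',
              'svc_service.exe','autodate.exe','vicloud.exe'  # from the article
$findings   = @()

# 1. Defender preferences: path exclusions, cloud (MAPS) reporting, behavior monitoring
$mp = Get-MpPreference
if ($mp.ExclusionPath.Count -gt 0) {
    $findings += "Defender path exclusions present: $($mp.ExclusionPath -join '; ')"
}
if ($mp.MAPSReporting -eq 0)        { $findings += 'Defender cloud (MAPS) reporting is disabled' }
if ($mp.DisableBehaviorMonitoring)  { $findings += 'Defender behavior monitoring is disabled' }
if ($mp.DisableRealtimeMonitoring)  { $findings += 'Defender real-time monitoring is disabled' }

# 2. Enabled inbound allow rules whose local port matches one of the three ports.
#    Note: only exact single-port matches are checked; ranges such as 57000-57010 are not expanded.
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue
foreach ($rule in $rules) {
    $pf = $rule | Get-NetFirewallPortFilter
    foreach ($p in $ports) {
        if ($pf.LocalPort -contains "$p") {
            $findings += "Inbound allow rule '$($rule.DisplayName)' opens port $p"
        }
    }
}

# 3. Run-key values that reference a second-stage component name
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        foreach ($name in $stageNames) {
            if ($prop.Value -is [string] -and $prop.Value -like "*$name*") {
                $findings += "Run key $key\$($prop.Name) references $name"
            }
        }
    }
}

# 4. Scheduled tasks whose action executes a second-stage component name
foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
    foreach ($a in $task.Actions) {
        foreach ($name in $stageNames) {
            if ($a.Execute -like "*$name*") { $findings += "Scheduled task '$($task.TaskName)' runs $name" }
        }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'No indicators from this campaign found.' }
```

A hit in step 1 or 2 is worth investigating even if steps 3 and 4 are clean, since the article notes the family also persists through Winlogon hooks and startup shortcuts, which this script does not enumerate.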

Indicators of Compromise (IoCs)



The post Hackers Use Fake DeepSeek TUI GitHub Repositories to Deliver Malware appeared first on Cyber Security News.
