Fake DeepSeek TUI GitHub Repositories Deliver Malware
Key Takeaways Threat actors are distributing malware by impersonating popular AI tools, including DeepSeek TUI, on GitHub. Fake repositories mimic legitimate projects to trick developers and AI...
Key Takeaways
- Threat actors are distributing malware by impersonating popular AI tools, including DeepSeek TUI, on GitHub.
- Fake repositories mimic legitimate projects to trick developers and AI enthusiasts into downloading malicious 7z archives.
- The malware, identified as a Rust-written variant of the OpenClaw family, disables Windows Defender, establishes multi-stage persistence, and evades sandbox detection.
- Numerous other AI-themed installers, such as those for Claude, Grok, and WormGPT, are linked to the same attack infrastructure, indicating a broad campaign.
- Users are advised to rigorously verify GitHub repository authenticity and implement robust endpoint detection to mitigate risks.
Cybersecurity researchers have uncovered a new campaign where threat actors are exploiting the popularity of AI tools by creating counterfeit GitHub repositories to distribute malware. The latest target in this sophisticated scheme is DeepSeek TUI, a legitimate terminal-based intelligent agent designed for interacting with DeepSeek large language models.
Table Of Content
The timing of this attack aligns with a surge in interest following the release of DeepSeek v4 and widespread discussions by developer Hunter Bown within Chinese tech communities. This heightened visibility made DeepSeek TUI an attractive target for cybercriminals seeking to capitalize on trending AI software.
This tactic mirrors a growing trend in the developer ecosystem where malicious actors construct highly convincing fake GitHub repositories. These fraudulent pages are meticulously designed to resemble authentic projects, deceiving unsuspecting users into downloading malicious software. In this particular instance, the malware was embedded within a 7z compressed archive, presented as a standard software release on the fake repository’s Releases page.
Researchers at the QiAnXin Threat Intelligence Center were instrumental in detailing this campaign. They observed that the malware’s functionalities closely resemble those of OpenClaw, a previously documented spoofing attack that QiAnXin exposed in March 2026. The reuse of command-and-control (C2) domain names from the earlier OpenClaw campaign strongly suggests that the same threat actor is behind these ongoing and evolving operations.
A particularly alarming aspect of this campaign is the extensive array of fake AI-themed installer names associated with the same attack infrastructure. Beyond DeepSeek TUI, investigators discovered fraudulent files masquerading as popular tools like Claude, Grok, WormGPT, KawaiiGPT, and FraudGPT, among others, all pointing to a unified threat landscape.
Fake DeepSeek TUI Repository Used as Malware Delivery Point
Analysis of the malicious samples revealed a shared PDB path, “ClawCode.pdb,” linking all identified executables to a common Rust-written malware family. This consistent signature indicates a coordinated threat actor who systematically rotates spoofing targets to maximize impact.
The primary malware file in question, DeepSeek-TUI_x64.exe, with an MD5 hash of b96c0d609c1b7e74f8cb1442bf0b5418 and a compilation timestamp of April 29, 2026, initiates its malicious activities with a thorough environment check. This initial phase is designed to detect virtual machines, known analysis tools, or other suspicious system characteristics indicative of a sandbox environment. If such conditions are met, the malware displays a deceptive message, “Sorry, your system does not meet the minimum requirements,” and terminates silently to avoid detection.
Upon confirming it is operating on a genuine user system, the malware proceeds to disable critical Windows Defender protections. This is achieved through an XOR-encrypted PowerShell script that adds six folder exclusions, deactivates cloud-based reporting, halts behavior monitoring, and opens three inbound firewall ports: 57001, 57002, and 56001. The string decryption key “xnasff3wcedj” is used in the sample, and the malware subsequently retrieves second-stage payloads hosted on Azure from Pastebin and snippet.host links.
The downloaded second-stage components each play a distinct role in maintaining the attacker’s foothold. OneSync.exe and WinHealhCare.exe are responsible for installation, setting up scheduled tasks, and reporting back to the attackers via Telegram. The onedrive_sync.exe component ensures persistence by modifying the Windows Run registry key. Meanwhile, svc_service.exe functions as the core resident component, utilizing NT syscalls for thread injection and loading .NET assemblies directly into memory to evade traditional detection mechanisms.
Multi-Stage Persistence and Anti-Sandbox Evasion
The campaign’s sophisticated use of multiple persistence mechanisms significantly complicates the removal of the malware once a system has been compromised. The malicious code is designed to survive system reboots and other disruptions by leveraging scheduled tasks, registry Run keys, Winlogon hooks, and startup shortcuts.
A second-stage loader, autodate.exe, further enhances stealth by posing as a service manager while covertly injecting payloads into memory. The command-and-control (C2) domains identified in this operation are mikolirentryifosttry.info and zkevopenanu.cfd.
What You Should Do
- Verify Repository Authenticity: Always scrutinize GitHub repositories before downloading any files. Check the account age, commit history, and the number of genuine contributors. Look for official links from the project’s primary website.
- Exercise Caution with New/Trending Tools: Be especially wary of newly released or trending AI tools, as these are frequently targeted by threat actors.
- Implement Endpoint Detection and Response (EDR): Deploy EDR solutions capable of monitoring for memory injection techniques, unusual PowerShell activity, and unauthorized changes to security settings.
- Maintain Strong Security Practices: Keep operating systems and security software updated. Use robust antivirus and antimalware solutions.
- Educate Users: Inform developers and AI enthusiasts about the risks of downloading software from unverified sources and the importance of supply chain security.
Indicators of Compromise (IoCs):-
| Type | Indicator | Description |
|---|---|---|
| MD5 | b96c0d609c1b7e74f8cb1442bf0b5418 | DeepSeek-TUI_x64.exe (first-stage dropper) |
| MD5 | 7de2896e373342e0f3b765c855bf7396 | bbg_free_x64.exe |
| MD5 | 78c11c45c00a9c22f537c59a472beca1 | CatGatekeeper_x64.exe |
| MD5 | df36a31148d2c6414bdafeab771ea728 | CatGatekeeper_x64.exe |
| MD5 | 14920c9751d20452a1006d20b8e73234 | CatGatekeeper_x64.exe |
| MD5 | f6d328422e7ca22e70a6aa71315450f3 | CatGatekeeper_x64.exe |
| MD5 | 86c7f2a3c307928daaca7c1df3ea5d72 | CatGatekeeper_x64.exe |
| MD5 | dbaa133fd3d1a834460206d83b480f80 | ClaudeDesign-Optimized_x64.exe |
| MD5 | 22c0c7d441fd22432cfe7854b59ba82b | ClaudeDesign-Optimized_x64.exe |
| MD5 | a224f44bdac16250d8093df68e05b512 | DeepSeek-TUI_x64.exe |
| MD5 | 6861fa47889e0340ab7efaab448c56b6 | DeepSeek-TUI_x64.exe |
| MD5 | 437e4bdb12d7fa8d1c9a9e9db84b8726 | DeepSeek-TUI_x64.exe |
| MD5 | fbfe7513685913e6f878647eec429d45 | deepseek-v4-pro_x64.exe |
| MD5 | 562d48524313d414b5a419fed6ca10aa | DV4-MCP-Setup.exe |
| MD5 | df8a2e7aa46af996bdf67d79601671c3 | fraudGPT_x64.exe |
| MD5 | f101a346502a324320f952d39e217064 | fraudGPT_x64.exe |
| MD5 | 5d14461718b74b86fdd68c6aee801dc4 | GLM5-Local_x64.exe |
| MD5 | 556b35236eeb111b0606d88a7aa3fd87 | gpt-image-2-desktop.exe |
| MD5 | ff371b43786cbb87dab325ce17cf8b7c | gpt-image-2-desktop.exe |
| MD5 | 1bd1df4f228ecd29a9b6fab48beaa366 | GrokCLI_x64.exe |
| MD5 | 975bd8eb56716adbcadb5216592a17c7 | Hermes-Agent_x64.exe |
| MD5 | 347980085c8926d5a1ff8e15a31fd812 | Hermes-Agent_x64.exe |
| MD5 | 46917d8326d77e4e3c39cb843dbfc675 | KawaiiGPT_x64.cpl.exe |
| MD5 | b6f77b48223f57c67f00ccd8ab3d047e | KawaiiGPT_x64.exe |
| MD5 | 8dde7a417130ae78a3f2aeed1f5b8f58 | Kimi-K2.6_x64.exe |
| MD5 | 4c7abc81b308fc874ec0de4f026db260 | Kimi-K2.6_x64.exe |
| MD5 | 48dd212fae0086822d4ae7696cc61693 | LTX-2.3_x64.exe |
| MD5 | faa5f780fb0e0786dd1a2bd19af290ca | opus-4-7_x64.exe |
| MD5 | 6721f30d84f58532d877f2b31bfc9162 | opus-4-7_x64.exe |
| MD5 | a9d492ab22400257f756f0308e06f04c | worldmonitor_x64.exe |
| MD5 | d0a92b090279894f4628bc3d627fbde0 | WormGPT_x64.exe |
| MD5 | 397405106d895815a9bef8d84445af5a | OneSync.exe (two-stage component) |
| MD5 | b7a76b82c2a5e16a3c346cc6aa145556 | WinHealhCare.exe (two-stage component) |
| MD5 | f01e96a80f92c414dd824aef5a1ac1e7 | onedrive_sync.exe (two-stage component) |
| MD5 | ecb3e753b60cc0f3d7de50fe7f133e49 | svc_service.exe (two-stage component) |
| MD5 | 68ba5a1bafae7db35e2eee7ea3f11882 | autodate.exe (two-stage component) |
| MD5 | e102797eb4225a93eaeeaa6b9979716a | vicloud.exe (two-stage component) |
| Domain | mikolirentryifosttry.info | C2 command and control server |
| Domain | zkevopenanu.cfd | C2 command and control server |
| URL | hxxps://pastebin.com/raw/w6BVFFWQ | Primary payload staging link |
| URL | hxxps://pastebin.com/raw/5tmHDYrf | Secondary payload staging link |
| URL | hxxps://pastebin.com/raw/M6KthA5Z | Payload decompression password storage |
| URL | hxxps://snippet.host/beuskq/raw | Backup payload staging link |
| URL | hxxps://snippet.host/uikosx/raw | Backup payload password storage |
| URL | hxxps://hkdk.events/djbk1i9hp0sqoh | Telegram relay endpoint |
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.