Hackers have intensified their attacks on developers and AI enthusiasts by crafting counterfeit GitHub repositories. Their latest target is the popular terminal-based tool DeepSeek TUI, which facilitates interaction with DeepSeek large language models directly through the command line.
Targeting Popular AI Tools
The recent release of DeepSeek version 4, along with a viral post by developer Hunter Bown, has garnered significant attention within Chinese tech communities. This surge in popularity has made the project a prime target for cybercriminals aiming to exploit trending AI technologies.
These threat actors employ a strategy that has become increasingly prevalent in the developer world. They create fake GitHub repositories that closely resemble authentic projects, luring unsuspecting users into downloading malicious software. In this instance, malware was disguised within a 7z compressed archive on the repository’s Releases page, mimicking a legitimate software download.
Identifying the Threat
The QiAnXin Threat Intelligence Center was the first to uncover this malicious campaign. Their research revealed that the malware’s characteristics closely resemble an earlier spoofing attack, OpenClaw, exposed by QiAnXin in March 2026. The use of the same malicious domain names suggests the same threat actor is operating with evolving tactics.
This campaign’s alarming aspect is the multitude of fake AI-themed installer names tied to the same attack infrastructure. Alongside DeepSeek TUI, there are counterfeit files named after AI tools such as Claude, Grok, WormGPT, and others, indicating a coordinated effort by the attackers.
Malware Tactics and Prevention
Researchers discovered that all malicious executables are linked to a Rust-written malware family, identified by a shared PDB path “ClawCode.pdb.” The primary malware file, DeepSeek-TUI_x64.exe, undergoes an elaborate environment check to evade detection, exiting quietly if it detects a virtual environment or analysis tools.
Upon confirming it’s on a real user machine, the malware disables essential Windows Defender protections and reaches out to external links for second-stage payloads. These components ensure persistence and maintain the attacker’s access by exploiting Windows Run keys and other persistence mechanisms.
To combat these threats, developers and security teams are urged to verify the authenticity of GitHub repositories before downloading files. Scrutinizing account age, commit history, and contributor legitimacy can prevent falling prey to these attacks. Additionally, endpoint detection tools that monitor unusual PowerShell activity and memory injection can provide early warnings of such threats.
Indicators of Compromise (IoCs) include a range of MD5 hashes for various malicious components and domain names used for command and control communications. It’s crucial for security professionals to be aware of these indicators to mitigate risks effectively.
As cyber threats continue to evolve, staying informed and vigilant is key to protecting valuable digital assets. Following cybersecurity best practices and continuously updating security protocols can help safeguard against these sophisticated attacks.
