Hackers Use Fake DeepSeek TUI GitHub Repositories to Deliver Malware
May 27, 2026

Hackers are once again targeting developers and AI enthusiasts by impersonating popular open-source tools on GitHub. This time, the target is DeepSeek TUI, a legitimate terminal-based intelligent agent that allows users to interact with DeepSeek large language models directly from the command line.

With the recent release of DeepSeek v4 and a widely shared post by developer Hunter Bown generating buzz across Chinese-language tech communities, the project quickly became a high-value spoofing target for threat actors looking to capitalize on trending AI software.

The attack follows a pattern that has grown increasingly common in the developer community. Cybercriminals create convincing fake repositories on GitHub that closely mimic the look and layout of a genuine project.

Unsuspecting users who land on these pages are tricked into downloading what appears to be a legitimate tool. In this case, the malware was hidden inside a 7z compressed archive file sitting on the Releases page of the fraudulent repository, making it look like a standard software download.

Researchers at QiAnXin Threat Intelligence Center were the first to identify this campaign in detail. They noted that the malware’s features are nearly identical to a previously disclosed spoofing attack known as OpenClaw, which QiAnXin exposed in March 2026. The same malicious domain names used in that earlier campaign also appear in this one, pointing to the same threat actor, whose operation is ongoing and still evolving.

What makes this campaign particularly concerning is the sheer number of fake AI-themed installer names tied to the same attack infrastructure. Alongside DeepSeek TUI, researchers found counterfeit files posing as tools named after Claude, Grok, WormGPT, KawaiiGPT, fraudGPT, and several others.

Fake DeepSeek TUI Repository Used as Malware Delivery Point

Based on a shared PDB path called “ClawCode.pdb” found embedded in the samples, all of these malicious executables are linked to the same Rust-written malware family, suggesting a coordinated threat actor constantly rotating spoofing targets.

The primary malware file identified in this campaign is named DeepSeek-TUI_x64.exe, with an MD5 hash of b96c0d609c1b7e74f8cb1442bf0b5418 and a compilation timestamp of April 29, 2026. Before executing any malicious behavior, it runs an extensive environment check to determine whether it is running inside a sandbox.

If it detects signs of a virtual machine, known analysis tools, or suspicious system characteristics, it displays the message “Sorry, your system does not meet the minimum requirements” and quietly exits.

Once the malware confirms it is running on a real user machine, it proceeds to disable key Windows Defender protections using an XOR-encrypted PowerShell script.

It adds six folder exclusions, disables cloud-based reporting, turns off behavior monitoring, and opens three inbound firewall ports: 57001, 57002, and 56001. The string decryption key used in the sample is “xnasff3wcedj,” and the malware reaches out to Pastebin and snippet.host links to fetch Azure-hosted second-stage payloads.

The downloaded second-stage components each serve a specific role in maintaining the attacker’s access. OneSync.exe and WinHealhCare.exe handle installation and scheduled task setup while reporting back via Telegram.

The component onedrive_sync.exe ensures persistence through the Windows Run registry key. Meanwhile, svc_service.exe acts as the resident core, using NT syscalls for thread injection and loading .NET assemblies entirely in memory to avoid detection.

Multi-Stage Persistence and Anti-Sandbox Evasion

The campaign’s use of multiple persistence mechanisms makes it especially difficult to remove once a system is compromised. The malware can survive through scheduled tasks, registry Run keys, Winlogon hooks, and startup shortcuts.

The second-stage loader autodate.exe masquerades as a service manager while quietly injecting payloads into memory. The C2 domains used are mikolirentryifosttry.info and zkevopenanu.cfd.

Developers and security teams are strongly advised to verify the authenticity of any GitHub repository before downloading files, especially for AI-related tools that have gained sudden public attention.

Always check account age, commit history, and the number of genuine contributors before trusting a release. Endpoint detection tools that monitor memory injection techniques and unusual PowerShell activity can also help flag this type of threat early.
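A read-only host triage script for the tampering and persistence artifacts described above (Defender exclusions and settings, the three inbound ports, Run keys, scheduled tasks, Winlogon values and startup shortcuts). This is an added example, not code from the article or from QiAnXin; the component names and ports come from the article, while the stock Winlogon values it compares against are an assumption about a default Windows install.

```powershell
# Read-only triage for the indicators described in the article. Added example,
# not code from the article or QiAnXin; run in an elevated PowerShell session.
$SuspectPorts = @('57001', '57002', '56001')          # inbound ports the article says are opened
$SuspectNames = @('DeepSeek-TUI_x64.exe', 'OneSync.exe', 'WinHealhCare.exe',
                  'onedrive_sync.exe', 'svc_service.exe', 'autodate.exe')  # names from the article
$Findings = [System.Collections.Generic.List[string]]::new()

# 1. Defender tampering: exclusion paths, behaviour monitoring, cloud (MAPS) reporting
$mp = Get-MpPreference
foreach ($p in $mp.ExclusionPath) { $Findings.Add("Defender exclusion path: $p") }
if ($mp.DisableBehaviorMonitoring) { $Findings.Add('Defender behaviour monitoring is disabled') }
if ($mp.MAPSReporting -eq 0)       { $Findings.Add('Defender cloud (MAPS) reporting is disabled') }

# 2. Enabled inbound allow rules on any of the three ports
foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $ports = @(($rule | Get-NetFirewallPortFilter).LocalPort) | Where-Object { $SuspectPorts -contains "$_" }
    if ($ports) { $Findings.Add("Inbound allow rule '$($rule.DisplayName)' on port(s) $($ports -join ',')") }
}

# 3. Persistence: Run keys, scheduled tasks, Winlogon values, per-user startup folder
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($entry in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        if ($SuspectNames | Where-Object { "$($entry.Value)" -like "*$_*" }) {
            $Findings.Add("Run key $key\$($entry.Name) -> $($entry.Value)")
        }
    }
}
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($SuspectNames | Where-Object { $cmd -like "*$_*" }) {
            $Findings.Add("Scheduled task '$($task.TaskName)' runs $cmd")
        }
    }
}
# Assumed stock values: anything else is worth a manual look
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -ne 'explorer.exe') { $Findings.Add("Winlogon Shell = $($wl.Shell)") }
if ($wl.Userinit -ne 'C:\Windows\system32\userinit.exe,') { $Findings.Add("Winlogon Userinit = $($wl.Userinit)") }
$startup = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
Get-ChildItem -Path $startup -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object { $Findings.Add("Startup shortcut: $($_.FullName)") }

if ($Findings.Count -eq 0) { 'No indicators from this campaign found.' } else { $Findings }
```

A hit on any of the Defender or firewall checks is a tampering signal on its own; Run-key and scheduled-task hits should be followed by hashing the referenced binary and comparing it against the IoC list.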

Indicators of Compromise (IoCs):


Source: CybersecurityNews.com
