Security Alert: Major macOS Threat Discovered Riding the DeepSeek Wave


Introducing the DMN Security Bite, brought to you by Mosyle, your go-to Apple Unified Platform. We specialize in ensuring Apple devices are work-ready and secure for enterprises. Our innovative management and security approach leverages advanced Apple-specific solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-driven Zero Trust, and exclusive Privilege Management, all integrated with the most robust and contemporary Apple MDM available. This results in a completely automated Apple Unified Platform, trusted by over 45,000 organizations to prepare millions of Apple devices effortlessly and affordably. Claim your EXTENDED TRIAL now and discover why Mosyle is your ideal partner for Apple management.


Are you getting tired of hearing about DeepSeek? The China-based LLM chatbot made waves this week, dominating the tech headlines and even clinching the #1 spot on the App Store, where it remains as of this writing. However, its swift rise in popularity has triggered an influx of new phishing scams, investment fraud, and macOS malware masquerading as genuine DeepSeek applications. Here’s the latest scoop.

You’re tuned into DMN Security Bite, where I share weekly insights on data privacy, discuss recent vulnerabilities, and illuminate emerging threats within Apple’s expansive ecosystem of over 2 billion active devices.

According to Cyble, a prominent cybersecurity solutions provider, several new scams are capitalizing on DeepSeek’s recent fame. These include cryptocurrency scams, where cybercriminals entice victims to scan QR codes to access their crypto wallets or present counterfeit investment opportunities. I have also seen numerous seemingly legitimate DeepSeek Mac installers with convincing filenames; yet herein lies the issue: DeepSeek does not provide a Mac app.


In addition to these phishing endeavors and false investment schemes, cybercriminals are now disseminating AMOS (or Atomic), one of the most notorious stealer malware families on macOS, within DMG install files that falsely claim to be a DeepSeek Mac application. Unlike many other stealers, AMOS is written in Apple’s Swift programming language and runs on both Intel and Apple Silicon CPUs. Its clever distribution model significantly enhances its success. The authors of this malware even market it as a subscription service for $1,000 monthly.

Fortunately, security researchers have conducted in-depth dynamic and code-level analyses to unravel its functionality. Upon infection, the malware executes scripts that establish a connection to the attackers’ command and control (C2) server. This enables two-way communication with the compromised Mac, allowing commands to be issued and critical data to be sent back, typically including iCloud Keychain passwords, credit card details, sensitive files, and browser-stored crypto wallet keys.

Since the release of macOS Sequoia, Apple has taken proactive measures to prevent users from executing malware on their Macs. Users on Sequoia can no longer right-click to bypass Gatekeeper and open software that is not signed or notarized by Apple. However, as reported last year, hackers have found a way around this by instructing users to run malicious code directly in the Terminal app.

This very method is being exploited in the context of the counterfeit DeepSeek applications.

Here’s how the attack is executed:

  1. The target installs a malicious DMG file from a website, email, etc.
  2. The attacker guides the victim to launch Terminal and instead of right-clicking to install, instructs them to drag and drop the “.file” directly into the Terminal window.
  3. The innocuous-sounding “DeepSeek.file” is in reality loaded with harmful Bash scripts. Once dropped into the Terminal, it executes, leading to dire consequences for the victim.
(via @MarceloRivero)
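As an added triage example (not code from the article or from any of the researchers it cites), the script below walks a directory such as a mounted DMG and flags files whose bytes begin with a shell shebang but whose name does not end in a script extension, which is the shape of the “DeepSeek.file” lure described above. The sample directory it builds is constructed here for illustration; the lure it writes is a harmless placeholder.

```python
import stat
import tempfile
from pathlib import Path

# Extensions that honestly announce a script; any other file with a shebang is suspect.
SCRIPT_EXTENSIONS = {".sh", ".bash", ".zsh", ".command", ".py", ".rb", ".pl"}
SHELL_SHEBANGS = (b"#!/bin/sh", b"#!/bin/bash", b"#!/bin/zsh", b"#!/usr/bin/env")


def sniff_shell_script(path: Path) -> bool:
    """True if the file's first bytes are a shell (or env) shebang."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
    except OSError:
        return False
    return head.startswith(SHELL_SHEBANGS)


def scan_for_disguised_scripts(root: Path) -> list:
    """Walk a directory (e.g. a mounted DMG) and report shebang files with non-script names."""
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() in SCRIPT_EXTENSIONS:
            continue
        if not sniff_shell_script(path):
            continue
        mode = path.stat().st_mode
        findings.append({
            "path": str(path),
            "extension": path.suffix,
            "executable": bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)),
        })
    return findings


def build_sample_dmg_contents() -> Path:
    """CONSTRUCTED stand-in for a mounted lure DMG: one disguised script, two benign files."""
    root = Path(tempfile.mkdtemp(prefix="fake_dmg_"))
    lure = root / "DeepSeek.file"  # name from the article; contents are a harmless placeholder
    lure.write_bytes(b"#!/bin/bash\necho 'constructed placeholder, does nothing'\n")
    lure.chmod(lure.stat().st_mode | stat.S_IXUSR)
    (root / "README.txt").write_text("plain text, not a script\n")
    (root / "installer.sh").write_bytes(b"#!/bin/sh\necho 'honestly named script'\n")
    return root


if __name__ == "__main__":
    for hit in scan_for_disguised_scripts(build_sample_dmg_contents()):
        print(f"SUSPECT {hit['path']} (ext={hit['extension']!r}, executable={hit['executable']})")
```

On a real Mac, point `scan_for_disguised_scripts` at the mount point of a downloaded DMG before launching anything from it; the honestly named `installer.sh` is deliberately skipped so the output stays focused on files that misrepresent what they are.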

DeepSeek is solely offering apps for iOS and Android. Any application urging you to drop files into the Terminal is definitely malicious.

Additionally, as a word of caution, it’s best to avoid downloading or interacting with DeepSeek altogether. This LLM chatbot operates from China and is thus subject to strict Chinese laws, including extensive censorship and unrestricted access to all collected data. Engaging with it poses significant privacy risks and could potentially facilitate future cyber-espionage activities against you.

I’m interested in your opinions. Are you concerned about the privacy implications associated with DeepSeek?


Additional Updates in Apple Security

  • The privacy issues surrounding DeepSeek have prompted investigations in both the US and Europe, leading to its removal from the App Store in Italy. It is likely this will extend to other nations as well.
  • Security analysts have uncovered two vulnerabilities present in all current iPhones, iPads, and Macs, as well as older models. Identified as SLAP and FLOP, these flaws could allow attackers to view the current content of your open web tabs.
  • A judge has restricted the FBI’s ability to sift through data obtained from tech giants like Apple, Google, and ISPs under the Foreign Intelligence Surveillance Act (FISA).
  • See how hackers continue to exploit Google Ads to spread malware. How, in 2025, can Google, with its advanced DeepMind technology and significant financial resources, still permit this to occur?
