Researchers force DeepSeek to write malware


Date: 16/03/2025

According to Tenable, the AI chatbot DeepSeek R1 from China can be used to write malware (e.g. keyloggers and ransomware).

DeepSeek was released in January 2025 and caused a stir due to its vulnerability to jailbreaking techniques.

Similar to all major LLMs, DeepSeek has guardrails designed to prevent it from being used for malicious purposes, including malware creation. However, these restrictions can be easily circumvented.

When asked directly to write code for a keylogger or ransomware, DeepSeek refuses, claiming that it cannot help with potentially malicious or illegal tasks. But if you tell DeepSeek that the research is for “educational purposes only”, you can bypass its safeguards.

Tenable specialists successfully used jailbreaking techniques to fool the chatbot into writing malicious code; furthermore, they used a technique called Chain-of-Thought (CoT) to refine its results.

CoT reconstructs human thinking by breaking it down into the sequential steps required to achieve the goal. In other words, CoT makes the AI ‘think out loud’, providing a step-by-step description of its reasoning process.

When researchers ‘nicely’ asked DeepSeek to write a keylogger, the AI outlined an action plan and then produced some C++ code. This code was buggy, and the chatbot was unable to correct some of the errors and create fully functional malware without human intervention.

However, after a few manual interventions, the keylogger code generated by DeepSeek started working (i.e. intercepting the user’s keystrokes). The researchers then used DeepSeek to further improve the resulting malware: now it can hide and encrypt its logs.

After being asked to develop some ransomware, DeepSeek first described the entire process and then managed to generate several samples of file encryption malware (although none of them could be compiled without manual fixes in the code).

Ultimately, the researchers managed to put some ransomware samples to work. The malware uses file enumeration and persistence mechanisms and even displays a ‘ransomware dialog’ box.

“At its core, DeepSeek can create the basic structure for malware. However, it is not capable of doing so without additional prompt engineering as well as manual code editing for more advanced features. For instance, DeepSeek struggled with implementing process hiding. We got the DLL injection code it had generated working, but it required lots of manual intervention. Nonetheless, DeepSeek provides a useful compilation of techniques and search terms that can help someone with no prior experience in writing malicious code the ability to quickly familiarize themselves with the relevant concepts,” – Tenable.
