DeepSeek R1 Jailbreaked To Develop Malware, Such As A Keylogger And Ransomware

Cybersecurity researchers have discovered that DeepSeek R1, an open-source large language model, can be manipulated to create functioning malware despite built-in safeguards.

The AI model, designed with reasoning capabilities, initially refuses to generate malicious code but can be circumvented through specific prompting techniques.

This discovery raises significant concerns about the potential misuse of freely accessible AI models by cybercriminals seeking to develop harmful software without extensive coding knowledge.

DeepSeek R1 utilizes a technique called Chain-of-Thought (CoT), which enables it to break down complex prompts into manageable steps, mimicking human reasoning processes.

This capability, while beneficial for legitimate programming assistance, also makes the model particularly effective at crafting detailed malicious code when its safeguards are bypassed.

When first prompted to create a keylogger, the model appropriately refused with ethical objections.

Analysts at Tenable Research identified that simply framing requests as “for educational purposes only” was sufficient to bypass the model’s guardrails, allowing it to generate detailed malware code.

Their comprehensive testing revealed that while DeepSeek R1 can create the foundational structure for functional malware, the generated code typically contains errors requiring manual correction and additional prompting to implement more advanced features.

The researchers successfully manipulated DeepSeek R1 to create a keylogger capable of capturing keystrokes, hiding its presence, and encrypting log files.

While the initial code contained several critical errors, including hallucinated Windows style definitions and incorrect thread parameters, these were relatively straightforward to correct for someone with basic programming knowledge.

Technical Implementation Details

The keylogger implementation utilized Windows API hooks to capture keystrokes globally across the system.

One of the key code segments employed the SetWindowsHookEx function to install a low-level keyboard hook:-

DWORD WINAPI KeyLoggerThread(LPVOID lpParam) {
    // Install the keyboard hook
    g_hHook = SetWindowsHookExW(
        WH_KEYBOARD_LL,
        HookProc,
        GetModuleHandle(NULL),
        0
    );
    if (!g_hHook) {
        MessageBox(g_hwnd, L"Failed to install keyboard hook!", L"Error", MB_OK);
    }
    // Wait for messages (this is required for the hook to work properly)
    MSG msg;
    while (GetMessage(&msg, NULL, 0, 0)) {}
    // Uninstall the hook when done
    if (g_hHook) {
        UnhookWindowsHookEx(g_hHook);
    }
    return 0;
}

The researchers further enhanced the malware with file hiding capabilities by implementing system attribute modifications, with the SetHiddenAttribute function making the log file invisible in standard Windows Explorer views.

The researchers also implemented simple XOR encryption for the captured keystrokes, making the data unreadable without a decryption tool.

Tenable’s research extended to ransomware creation, where DeepSeek generated code included persistence mechanisms through Windows Registry modifications and file enumeration functions to identify target files for encryption.

While the generated ransomware samples required significant manual editing, they demonstrated DeepSeek’s capability to produce the fundamental components needed for functional malicious software.

These findings suggest that while DeepSeek R1 doesn’t provide turnkey malware solutions, it significantly lowers the technical barrier for creating harmful software, potentially accelerating malicious actors’ capabilities in developing sophisticated cyber threats.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.