Cybercriminals are exploiting the popularity of DeepSeek-R1, a popular artificial intelligence chatbot, to distribute a sophisticated new malware strain targeting Windows users. The malware, known as “BrowserVenom,” targets users’ browsing infrastructure and establishes persistent network monitoring capabilities. The campaign begins with a malvertising campaign that places fraudulent websites at the top of Google search results when users search for “deepseek r1”. The malware reconfigures all browser instances to route traffic through an attacker-controlled proxy server, allowing cybercriminals to intercept, monitor, and manipulate network communications. The infection process demonstrates sophistication through its multi-stage deployment and social engineering components.