Welcome to Fletch.ai, Fake DeepSeek Downloads, & Operation Secure

This week, your editor is Jordan_Zebor from the F5 Security Incident Response Team, diving into key advances in cybersecurity. From F5’s acquisition of Fletch.ai and its agentic AI, to INTERPOL’s takedown of infostealer malware, and Kaspersky’s discovery of BrowserVenom, the rapidly evolving threat landscape highlights the need for smarter defenses and global collaboration to safeguard the digital world. Let’s jump in!


F5 acquires Fletch.ai

F5 has acquired Fletch.ai, integrating its agentic AI technology into the F5 Application Delivery and Security Platform (ADSP). Fletch’s AI transforms complex threat intelligence and logs into actionable insights, helping security teams prioritize critical threats, reduce alert fatigue, and act proactively. By delivering real-time recommendations like blocking malicious IPs or mitigating vulnerabilities, this integration equips organizations to manage sophisticated threats more effectively. The acquisition underscores F5’s push toward AI-driven security innovation, enabling faster, smarter responses in an increasingly complex cybersecurity landscape.

This integration not only strengthens security teams but also contributes to a better digital world by ensuring safer and more reliable application experiences for businesses and users alike. By combining agentic AI with F5’s expertise in securing apps, APIs, and infrastructure, organizations can mitigate threats before they impact operations, reducing downtime, preventing data breaches, and building trust in their digital services. As cyber threats get more advanced, F5’s improved platform lets businesses deliver faster, smarter, and safer digital solutions. This helps businesses innovate while protecting the global digital ecosystem.


Operation Secure

Between January and April 2025, INTERPOL spearheaded Operation Secure, a global initiative that dismantled over 20,000 malicious IPs and domains linked to 69 information-stealing malware variants. Collaborating with 26 countries, the operation successfully took down 79% of identified malicious IPs, seized 41 servers and 100GB of data, and arrested 32 individuals across various nations including Vietnam, Sri Lanka, and Nauru. The Hong Kong Police identified 117 command-and-control (C2) servers used for phishing and fraud campaigns. The targeted threats, such as Vidar, Lumma, and MetaStealer, are notorious for exfiltrating credentials, payment data, and cryptocurrency wallets, often sold via Malware-as-a-Service to facilitate ransomware, data breaches, and business email compromise (BEC). Private cybersecurity firms like Group-IB, Trend Micro, and Kaspersky contributed intelligence on compromised data and malware infrastructure.

For CISOs and security engineers, this operation underscores the importance of proactive defense strategies. Organizations that prioritize credential protection, implement multi-factor authentication (MFA), and strengthen anti-phishing measures are better equipped to combat infostealer threats. By investing in robust security mechanisms and user awareness initiatives, teams can reduce exposure, block attack vectors, and limit the effectiveness of malware campaigns.


Fake DeepSeek Downloads Deliver Proxy Malware

Kaspersky discovered a new malware strain distributed via phishing sites posing as a DeepSeek-R1 installer, promoted through Google Ads targeting LLM users. "BrowserVenom" reroutes browser traffic through an actor-controlled proxy, enabling attackers to monitor, manipulate, and inject content into user sessions. The malware modifies proxy settings in Chromium- and Gecko-based browsers for persistence, disguising its delivery with fake CAPTCHA challenges. The attack infrastructure suggests ties to Russian-speaking actors, and infections have been observed in Brazil, Cuba, India, and other countries.

The campaign underscores the rising use of social engineering and search engine abuse to distribute malware. CISOs should focus on user education, browser security controls, and network traffic monitoring to detect unauthorized changes. Proactively blocking malicious ads, enforcing strict proxy management policies, and investing in tools to identify persistence mechanisms are critical steps to mitigate such threats.
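One concrete way to act on the "detect unauthorized changes" and "identify persistence mechanisms" advice above is to audit browser proxy configuration against an allowlist of approved proxies. The script below is an added example written for this post; it is not Kaspersky's tooling, not F5's code, and not derived from BrowserVenom itself. It parses the `user_pref(...)` lines of a Firefox (Gecko) `prefs.js`/`user.js` file, which is the format Firefox uses to persist `network.proxy.*` settings, and flags any manual proxy endpoint or PAC URL that is not on an allowlist. The sample preference files, the proxy addresses (from the reserved TEST-NET range) and the allowlist are all constructed for the example.

```python
import re
from typing import Dict, FrozenSet, List, Union

# Matches one Firefox preference line, e.g.:
#   user_pref("network.proxy.type", 1);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

PrefValue = Union[str, int, bool]


def parse_firefox_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse user_pref(...) lines from prefs.js / user.js into a dict.

    Strings lose their quotes, true/false become bools, and integers are
    converted; anything else is kept as the raw token.
    """
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, unrelated content
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def audit_proxy_prefs(
    prefs: Dict[str, PrefValue],
    allowed_proxies: FrozenSet[str],
    allowed_pac_urls: FrozenSet[str] = frozenset(),
) -> List[str]:
    """Return human-readable findings for proxy settings outside the allowlist.

    network.proxy.type 1 = manual proxy, 2 = PAC/autoconfig URL. Other values
    (no proxy, auto-detect, system) are not flagged by this check; system-level
    proxy settings should be audited separately with the same allowlist.
    """
    findings: List[str] = []
    ptype = prefs.get("network.proxy.type")
    if ptype == 1:
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            if not host:
                continue
            port = prefs.get(f"network.proxy.{scheme}_port", 0)
            endpoint = f"{host}:{port}"
            if endpoint not in allowed_proxies:
                findings.append(
                    f"manual {scheme} proxy {endpoint} is not an approved proxy"
                )
    elif ptype == 2:
        url = str(prefs.get("network.proxy.autoconfig_url", ""))
        if url not in allowed_pac_urls:
            findings.append(f"PAC URL {url!r} is not an approved autoconfig source")
    return findings


# Constructed sample inputs (not real captures). 203.0.113.0/24 is TEST-NET-3.
SAMPLE_SUSPICIOUS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://example.org");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "203.0.113.10");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "203.0.113.10");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""

SAMPLE_BENIGN = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "proxy.corp.example");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.ssl", "proxy.corp.example");
user_pref("network.proxy.ssl_port", 3128);
"""

SAMPLE_PAC = """\
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://203.0.113.10/proxy.pac");
"""

# Hypothetical corporate allowlist; replace with your own approved endpoints.
ALLOWED_PROXIES = frozenset({"proxy.corp.example:3128"})
ALLOWED_PAC_URLS = frozenset({"http://pac.corp.example/proxy.pac"})


def audit_text(text: str) -> List[str]:
    """Convenience wrapper: parse a prefs file body and audit it."""
    return audit_proxy_prefs(parse_firefox_prefs(text), ALLOWED_PROXIES, ALLOWED_PAC_URLS)


if __name__ == "__main__":
    for name, body in (("suspicious", SAMPLE_SUSPICIOUS),
                       ("benign", SAMPLE_BENIGN),
                       ("pac", SAMPLE_PAC)):
        print(name, audit_text(body) or "no findings")
```

In a fleet deployment you would point `parse_firefox_prefs` at each profile's `prefs.js` and `user.js` and ship the findings to your SIEM. Chromium-based browsers normally follow the operating system's proxy configuration rather than a per-profile file, so the same allowlist should also be applied to the OS-level proxy settings.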


That's it for This Week In Security. Thanks for reading, and I hope you enjoyed the content!

Published Jun 16, 2025
Version 1.0