Cybercriminals camouflaging threats as AI tool installers

SUMMARY :

Cisco Talos has uncovered new threats disguised as legitimate AI tool installers, including CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly-discovered malware called Numero. These threats exploit the increasing popularity of AI across various industries. CyberLock, developed using PowerShell, encrypts specific files and demands a $50,000 ransom in Monero. Lucky_Gh0$t is a variant of Yashma ransomware, distributed as a fake ChatGPT installer. Numero, masquerading as an AI video creation tool, manipulates the Windows GUI, rendering systems unusable. Threat actors are using SEO poisoning and social media to distribute these fraudulent installers, targeting businesses in B2B sales, technology, and marketing sectors. Organizations must exercise caution and rely on reputable vendors to avoid falling prey to these malicious campaigns.

OPENCTI LABELS :

ransomware,seo poisoning,chaos,yashma,cyberlock,technology sector,b2b sales,ai tools,lucky_gh0$t,marketing sector,fake installers,numero


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Cybercriminals camouflaging threats as AI tool installers