Cybercriminals camouflaging threats as AI tool installers

SUMMARY :

Cybercriminals are exploiting the popularity of AI by distributing malware disguised as AI solution installers. Three threats have been identified: CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly discovered destructive malware called Numero. CyberLock, developed using PowerShell, encrypts specific files and demands a $50,000 ransom in Monero. Lucky_Gh0$t is a variant of Yashma ransomware, masquerading as a ChatGPT installer. Numero, imitating an AI video creation tool, manipulates Windows GUI components, rendering systems unusable. These threats primarily target B2B sales, technology, and marketing sectors. The attackers use SEO manipulation and various distribution channels to deceive victims. Organizations are urged to exercise caution and verify sources when downloading AI tools.

OPENCTI LABELS :

powershell,ransomware,ai,seo manipulation,lucky_gh0$t,fake installers,numero


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Cybercriminals camouflaging threats as AI tool installers