CyberSecurity news

The Hacker News (info@thehackernews.com)
Cybercriminals are increasingly leveraging the popularity of Artificial Intelligence (AI) to distribute malware, targeting Windows users with fake installers disguised as legitimate AI tools. These malicious campaigns involve ransomware such as CyberLock and Lucky_Gh0$t, as well as a destructive malware called Numero. The attackers create convincing fake websites, often with domain names closely resembling those of actual AI vendors, to trick users into downloading and executing the poisoned software. These threats are primarily distributed through online channels, including SEO poisoning to manipulate search engine rankings and the use of social media and messaging platforms like Telegram.

CyberLock ransomware, for instance, has been observed masquerading as a lead monetization AI platform called NovaLeadsAI, complete with a deceptive website offering "free access" for the first year. Once downloaded, the ‘NovaLeadsAI.exe’ file deploys the ransomware, encrypting various file types and demanding a hefty ransom payment. Another threat, Numero, impacts victims by manipulating the graphical user interface components of their Windows operating system, rendering the machines unusable. Fake AI installers for tools like ChatGPT and InVideo AI are also being used to deliver ransomware and information stealers, often targeting businesses in sales, technology, and marketing sectors.

Cisco Talos researchers emphasize the need for users to be cautious about where they download and install AI tools from, particularly when the source is untrusted. Businesses, especially those in sales, technology, and marketing, are prime targets, highlighting the need for robust endpoint protection and user awareness training. These measures can help mitigate the risks associated with AI-related scams and protect sensitive data and financial assets from falling into the hands of cybercriminals. The attacks underscore the importance of vigilance and verifying the legitimacy of software before installation.

References:
  • cyberinsider.com: New Malware “Numero” Masquerading as AI Tool Wrecks Windows Systems
  • The Register - Software: Crims defeat human intelligence with fake AI installers they poison with ransomware
  • hackread.com: Fake ChatGPT and InVideo AI Downloads Deliver Ransomware
  • The Hacker News: Cybercriminals target AI Users with Malware-Loaded Installers Posing as Popular Tools
  • Security Risk Advisors: Cisco Talos discovers malware campaign exploiting #AI tool installers. #CyberLock #ransomware #Lucky_Gh0$t & new "Numero" malware disguised as legitimate AI installers.
  • cyberpress.org: Cisco Talos has uncovered several sophisticated malware families masquerading as legitimate artificial intelligence (AI) tool installers, posing grave risks to organizations and individuals seeking AI-powered solutions.
Classification:
  • HashTags: #AItools #Malware #Ransomware
  • Target: Windows users
  • Feature: AI Tool Installation
  • Malware: CyberLock, Lucky_Gh0$t, Numero
  • Type: Malware
  • Severity: Major