Cybercriminals Exploit AI Hype to Spread Ransomware and Malware

Crims defeat human intelligence with fake AI installers

Take care when downloading AI freebies, researcher tells The Register Criminals are using installers for fake AI software to distribute ransomware and other destructive malware. Cisco Talos recently uncovered three of these threats, which use legit-looking websites whose domain names vary the titles of actual AI vendors by just a letter or two. The software installers on the sites are poisoned with malware, including the CyberLock ransomware and a never-before-seen malware named "Numero" that breaks Windows machines. The Talos research follows a similar Mandiant report published this week that uncovered a new Vietnam-based threat group exploiting people's interest in AI video generators by planting malicious ads on social media platforms. The ads lead to fake websites laced with malware that steals people's credentials or digital wallets. "We believe we are observing an increase in cybercriminals misusing the names of legitimate AI tools for their malware or using fake installers that deliver malware," Talos research engineer technical lead Chetan Raghuprasad told The Register. Cybercriminals are misusing the names of legitimate AI tools to deliver malware "These criminals are distributing a variety of malware, including stealers, backdoors, RATs, ransomware, and destructive malware," he added. "Individuals, small-scale businesses, startups, and other users in established business sectors should evaluate the sources of the AI tools they download and install on their machines to avoid falling prey to such threats." Raghuprasad said his team ran across the CyberLock ransomware while researching fake installation files that crims claim are legitimate AI applications. The phony website on which they found the ransomware, novaleadsai[.]com, appeared at the top of a Google search. The name preys on people looking for the legitimate domain novaleads.app, which is run by a digital agency that monetizes sales leads. "Stop struggling with B2B sales: We can help you generate 480+ qualified calls in just 365 days," the scam website proclaims in large type. It also promises free access to the AI-based tool for a year. But when the user clicks on the "Get NovaLeads AI Now" button and downloads a ZIP archive, the fake AI product contains a .NET executable named "NovaLeadsAI.exe" that loads the PowerShell-based CyberLock ransomware. Whomever is behind CyberLock ransomware - Talos hasn't attributed it to a particular group or individual - has operated since at least February. The malware was compiled on February 2, which is the same day that someone created the fraudulent website, we're told. Once it runs, the ransomware targets sensitive business documents, personal information, and confidential databases. In addition to encrypting victims' documents, CyberLock can elevate privileges and re-execute itself with administrative privileges if needed. After encrypting sensitive files, the attacker demands a payment of $50,000 paid in the cryptocurrency Monero and specifies tells victims to communicate using an onionmail[.]org address that allows email to be encrypted and accessed on the Tor network. The criminal threatens to leak stolen data, however Talos didn't spot any signs of data exfiltration capability in the ransomware code. Plus, the ransom note also - oddly - claims that the extortion payment will be used to fund humanitarian aid efforts in Palestine, Ukraine, Africa, and Asia. Don't believe it, Raghuprasad said. "It seems to be merely propaganda or psychological manipulation aimed at reducing backlash and justifying their criminal actions," he noted. "In the past, ransomware groups like DarkSide and DoppelPaymer claimed that they donate portions of ransom to charitable organizations, but that has never happened." Talos hasn't spotted this ransomware infecting any Cisco customers, and the attacker doesn't have a leak site. All of these things make the miscreant more "challenging to track," according to Raghuprasad. "Therefore, we cannot determine exactly how many victims there are or the scope of this campaign," he said. "Still, we have observed that the fake AI installer tool the actor was using mimics a legitimate application that is utilized by B2B sector users, who are potential targets." Another ransomware-disguised-as-AI-installer aims to infect devices with Lucky_Gh0$t, a Yashma ransomware variant that can evade anti-virus detection and anti-malware scanners, delete volume shadow copies and backups, and uses AES-256 and RSA-2048 encryption to lockup victims' files. The ransomware disguises itself as a ChatGPT installer with the file name "ChatGPT 4.0 full version - Premium.exe." While Talos doesn't have a victim count for this scam, "the attack approach seems to be to spread the application with no specific target in mind, exploiting the popularity of the ChatGPT application, which is widely utilized by individuals and various business sectors," Raghuprasad said. The third AI-lure scam pwns victims' Windows computer with a previously unknown piece of malware that Talos named "Numero". It impersonates an AI video creation tool installer called InVideo AI. The fake installer contains a malicious Windows batch file, VB script, and a 32-bit Windows executable written in C++ with the file name 'wintitle.exe'. We're told crims compiled the malware on January 24. It manipulates the graphical user interface (GUI) components of victims' Windows operating systems and executes the script in an infinite loop, "corrupting the victim machine to become unusable," the Talos report says. "During our research, we did not observe any fake sites hosting the malware, but we believe it is a part of a trend where threat actors create fake copies of legitimate AI applications to exploit their popularity," Raghuprasad told The Register. ®

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan Raghuprasad said in a report published today. "Lucky_Gh0$t ransomware is yet another variant of the Yashma ransomware, which is the sixth iteration of the Chaos ransomware series, featuring only minor modifications to the ransomware binary." Numero, on the other hand, is a destructive malware that impacts victims by manipulating the graphical user interface (GUI) components of their Windows operating system, thereby rendering the machines unusable. The cybersecurity company said the legitimate versions of the AI tools are popular in the business-to-business (B2B) sales domain and the marketing sector, suggesting that individuals and organizations in these industries are the primary focus of the threat actors behind the campaign. One such fake AI solution website is "novaleadsai[.]com," which likely impersonates a lead monetization platform called NovaLeads. It's suspected that the website is promoted via search engine optimization (SEO) poisoning techniques to artificially boost its rankings in online search engines. Users are then urged to download the product by claiming to offer free access to the tool for the first year, with a monthly subscription of $95 thereafter. What gets actually downloaded is a ZIP archive containing a .NET executable ("NovaLeadsAI.exe") that was compiled on February 2, 2025, the same day the bogus domain was created. The binary, for its part, acts as a loader to deploy the PowerShell-based CyberLock ransomware. The ransomware is equipped to escalate privileges and re-execute itself with administrative permissions, if not already, and encrypts files located in the partitions "C:\," "D:\," and "E:\" that match a certain set of extensions. It then drops a ransom note demanding that a $50,000 payment be made in Monero into two wallets within three days. In an interesting twist, the threat actor goes on to claim in the ransom note that the payments will be allocated to support women and children in Palestine, Ukraine, Africa, Asia, and other regions where "injustices are a daily reality." "We ask you to consider that this amount is small in comparison to the innocent lives that are being lost, especially children who pay the ultimate price," the note states. "Unfortunately, we have concluded that many are not willing to act voluntarily to help, which makes this the only possible solution." The last step involves the threat actor employing the living-off-the-land binary (LoLBin) "cipher.exe" with the "/w" option to remove available unused disk space on the entire volume in order to hinder the forensic recovery of deleted files. Talos said it also observed a threat actor distributing the Lucky_Gh0$t ransomware under the guise of a fake installer for a premium version of ChatGPT. "The malicious SFX installer included a folder that contained the Lucky_Gh0$t ransomware executable with the filename 'dwn.exe,' which imitates the legitimate Microsoft executable 'dwm.exe,'" Raghuprasad said. "The folder also contained legitimate Microsoft open-source AI tools that are available on their GitHub repository for developers and data scientists working with AI, particularly within the Azure ecosystem." Should the victim run the malicious SFX installer file, the SFX script executes the ransomware payload. A Yashma ransomware variant, Lucky_Gh0$t targets files that are roughly less than 1.2GB in size for encryption, but not before deleting volume shadow copies and backups. The ransom note dropped at the end of the attack includes a unique personal decryption ID and instructs victims to reach out to them via the Session messaging app for a ransom payment and to obtain a decryptor. Last but not least, threat actors are also cashing in on the growing use of AI tools to seed the online landscape with a counterfeit installer for InVideo AI, an AI-powered video creation platform, to deploy a destructive malware codenamed Numero. The fraudulent installer serves as a dropper containing three components: A Windows batch file, a Visual Basic Script, and the Numero executable. When the installer is launched, the batch file is run through the Windows shell in an infinite loop, which, in turn, executes Numero and then temporarily halts it for 60 seconds by running the VB script via cscript. "After resuming the execution, the batch file terminates the Numero malware process and restarts its execution," Talos said. "By implementing the infinite loop in the batch file, the Numero malware is continuously run on the victim machine." A 32-bit Windows executable written in C++, Numero checks for the presence of malware analysis tools and debuggers among running processes, and proceeds to overwrite the desktop window's title, buttons, and contents with the numeric string "1234567890." It was compiled on January 24, 2025. The disclosure comes as Google-owned Mandiant revealed details of a malvertising campaign that utilizes malicious ads on Facebook and LinkedIn to redirect users to fake websites impersonating legitimate AI video generator tools like Luma AI, Canva Dream Lab, and Kling AI, among others. The activity, which was also recently exposed by Morphisec and Check Point earlier this month, has been attributed to a threat cluster the tech giant tracks as UNC6032, which is assessed to have a Vietnam nexus. The campaign has been active since at least mid-2024. The attack unfolds in this manner: Unsuspecting users who land on these websites are instructed to provide an input prompt to generate a video. However, as previously observed, the input doesn't matter, as the main responsibility of the website is to initiate the download of a Rust-based dropper payload called STARKVEIL. "[STARKVEIL] drops three different modular malware families, primarily designed for information theft and capable of downloading plugins to extend their functionality," Mandiant said. "The presence of multiple, similar payloads suggests a fail-safe mechanism, allowing the attack to persist even if some payloads are detected or blocked by security defences." The three malware families are below - STARKVEIL also serves as a conduit to launch a Python-based dropper codenamed COILHATCH that's actually tasked with running the aforementioned three payloads via DLL side-loading. "These AI tools no longer target just graphic designers; anyone can be lured in by a seemingly harmless ad," Mandiant said. "The temptation to try the latest AI tool can lead to anyone becoming a victim."

Cybercriminals exploit AI hype to spread ransomware, malware

Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. This development follows a trend that has been growing since last year, starting with advanced threat actors using deepfake content generators to infect victims with malware. These lures have become widely adopted by info-stealer malware operators and ransomware operations attempting to breach corporate networks. Cisco Talos researchers have discovered that the same technique is now followed by smaller ransomware teams known as CyberLock, Lucky_Gh0$t, and a new malware named Numero. The malicious payloads are promoted via SEO poisoning and malvertising to rank them high in search engine results for specific terms. CyberLock is PowerShell-based ransomware delivered through a fake AI tool website (novaleadsai[.]com) posing as the legitimate novaleads.app. Victims are lured by offers of a free 12-month subscription, leading them to download a .NET loader that deploys the ransomware. Once executed on the victim's machine, CyberLock encrypts files across multiple disk partitions, appending the .cyberlock extension on locked files. The ransom note demands a $50,000 ransom to be paid in the hard-to-trace Monero cryptocurrency, claiming that the funds will support humanitarian causes in Palestine, Ukraine, Africa, and Asia. Lucky_Gh0$t is a new ransomware strain derived from Yashma, which itself is based on the Chaos ransomware. Cisco analysts observed it being distributed as a fake ChatGPT installer ("ChatGPT 4.0 full version - Premium.exe") packaged in a self-extracting archive. The package includes legitimate Microsoft open-source AI tools alongside the ransomware payload, likely to evade antivirus detection. If executed, it encrypts files smaller than 1.2GB, appending random four-character extensions, while larger files are replaced with a same-size junk file and deleted. Victims of Lucky_Gh0$t receive a personal ID and are instructed to contact the attacker through the secure messenger platform Session for ransom negotiations and decryption. Finally, a new malware called Numero masquerades as an InVideo AI installer but is designed to attack Windows systems. The malware is delivered in a dropper containing a batch file, VB script, and an executable named wintitle.exe. It executes in an infinite loop, continuously corrupting the victim's graphical user interface by overwriting window titles, buttons, and content with the numeric string "1234567890." Although no data is destroyed or encrypted by Numero, the malware renders Windows systems it infects completely unusable. At the same time, the infinite loop it runs ensures the system is "locked" in this visually corrupted state. As more cybercriminals attempt to take advantage of people's growing interest in AI tools, caution is advised with files downloaded from dubious websites. It would be more prudent to stick to major AI projects instead of experimenting with new tools and source the installers from the official websites instead of following links from promoted results or social media posts.