Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
Briefly

Fake installers masquerading as popular AI tools, like OpenAI's ChatGPT, are being used to spread ransomware and destructive malware. Notable strains include CyberLock, which encrypts files, and Lucky_Gh0$t, a variant of the Yashma ransomware. Another threat, Numero, disrupts the Windows GUI, rendering systems inoperable. The campaign primarily targets the business-to-business sales and marketing sectors, using SEO techniques to promote fake websites, such as novaleadsai.com, that offer enticing but harmful downloads.
"CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan Raghuprasad said in a report published today. "Lucky_Gh0$t ransomware is yet another variant of the Yashma ransomware, which is the sixth iteration of the Chaos ransomware series, featuring only minor modifications to the ransomware binary."
Numero, on the other hand, is a destructive malware that impacts victims by manipulating the graphical user interface (GUI) components of their Windows operating system, thereby rendering the machines unusable.
The legitimate versions of the AI tools are popular in the business-to-business (B2B) sales domain and the marketing sector, suggesting that individuals and organizations in these industries are the primary focus of the threat actors behind the campaign.
Read at The Hacker News