Cybercriminals camouflaging threats as AI tool installers

Cisco Talos has uncovered new threats disguised as legitimate AI tool installers, including CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly discovered malware called Numero. These threats exploit the increasing popularity of AI across various industries. CyberLock, developed using PowerShell, encrypts specific files and demands a $50,000 ransom in Monero. Lucky_Gh0$t is a variant of Yashma ransomware, distributed as a fake ChatGPT installer. Numero, masquerading as an AI video creation tool, manipulates the Windows GUI, rendering systems unusable. Threat actors are using SEO poisoning and social media to distribute these fraudulent installers, targeting businesses in B2B sales, technology, and marketing sectors. Organizations must exercise caution and rely on reputable vendors to avoid falling prey to these malicious campaigns.

Author: AlienVault

Related Tags: marketing sector, ai tools, b2b sales, technology sector, Numero, Lucky_Gh0$t, CyberLock, Marketing, chaos

Associated Indicators: