Cybercriminals camouflaging threats as AI tool installers

Cybercriminals are exploiting the popularity of AI by distributing malware disguised as AI solution installers. Three threats have been identified: CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly discovered destructive malware called Numero. CyberLock, developed using PowerShell, encrypts specific files and demands a $50,000 ransom in Monero. Lucky_Gh0$t is a variant of Yashma ransomware, masquerading as a ChatGPT installer. Numero, imitating an AI video creation tool, manipulates Windows GUI components, rendering systems unusable. These threats primarily target B2B sales, technology, and marketing sectors. The attackers use SEO manipulation and various distribution channels to deceive victims. Organizations are urged to exercise caution and verify sources when downloading AI tools.

Author: AlienVault

Related Tags: Numero, Lucky_Gh0$t, CyberLock, seo manipulation, T1218.011, T1497.001, ai, T1036.005, T1070.004

Associated Indicators: