- Fake AI tools climbing on search singer to spread ransomware and malware
- Cyber criminals are targeted at technical marketing and B2B users with cloned installers
- Talos has revealed threats using branding -tricks and search manipulation tactics
Cyber criminals are already using AI to make phishing -e -emails more compelling, and now the search engine results manipulating -to spread malware disguised as AI tools.
New research from Cisco Talos claims that these fake downloads appear to be legitimate software, often promoted through search engines and social platforms and are predominantly targeted at users in tech, marketing and B2B selling industries.
Talos recently revealed several threats that were distributed in this way, including ransomware -Families Cyberlock and Lucky_GH0 $ T, as well as a destructive new malware called Numero.
SEO manipulation
Talos says these threats use well -known branding, fake sites and misleading metadata to trick users to download and run infected software.
In one case, attackers created a clone of a well -known AI service, “Novaleads” and used SEO manipulation to rank the false place near the top of the search results.
When the victims downloaded what seemed to be the legitimate installer, the cyberlock ransomware performed, written in Powershell, which encrypted targeted files and required a $ 50,000 ransom in Monero. The ransom -note mistakenly claimed that the payment would finance humanitarian assistance.
Lucky_gh0 $ T Ransomware, another discovery, was assembled with real Microsoft AI tools inside a self -spraying archive called “Chatgpt 4.0 Full Version – Premium.exe.” Once executed, it encrypted the files less than 1.2 GB and deleted or destroyed larger.
The newly identified malware, Numero, is especially destructive. Explained as an installation program for a video -i tool, it repeatedly runs a loop that destroys Windows interface by overwriting GUI elements with numeric strings, making systems useless.
These campaigns are taking advantage of the growing demand for AI software and target sectors that are most likely to adopt these tools quickly. With data centers, companies and individuals are increasingly dependent on AI platforms, the potential damage is growing from such threats.
Talos warns users to be careful when searching for AI tools online and only downloading software from trusted suppliers.
