Malicious Hackers Deceive Victims with Sham Tool Installers; Artificial Intelligence Systems such as ChatGPT are Prime Objectives
Cyber criminals are deceiving businesses with malware-laden AI tool installers. According to recent research by Cisco Talos, these malicious programs disguise themselves as popular AI solutions to infiltrate the B2B sales and technology sectors.
Chetan Raghuprasad, a cybersecurity researcher at Cisco Talos, highlights how cybercriminals are employing a multitude of techniques to target victims. These include SEO poisoning, which manipulates search engine rankings to place malicious sites at the top of results, and the use of Telegram and various social media messaging apps to spread the malicious installers.
Victims unknowingly download these counterfeit tools, embedding malware within their systems. This covert action not only compromises sensitive business data and financial assets but also erodes trust in legitimate AI market solutions.
The masquerade begins with the CyberLock ransomware, which predominantly targets specific files on the victim's system. The ransom note deceptively claims that the $50,000 ransom payment will be donated for humanitarian aid across various regions, including Palestine, Ukraine, Africa, and Asia.
Recently, these attackers created a fake AI solution website at novaleadsai[.]com, made to resemble the authentic novaleads.app, a lead monetization platform.
Meanwhile, Lucky_Gh0$t, a Yashma ransomware variant, pretends to be a ChatGPT installer, using the file name 'ChatGPT 4.0 full version - Premium.exe'. Raghuprasad explains that the malicious installer includes a folder containing the Lucky_Gh0$t ransomware executable, which mimics a legitimate Microsoft executable. The folder also houses genuine Microsoft open-source AI tools from Microsoft's GitHub repository, designed for developers and data scientists working with AI, specifically within the Azure ecosystem.
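Defenders can screen proxy or DNS logs for this kind of lookalike domain. The following is an added example, not code from the Talos research or the original article: it flags hostnames that embed or nearly spell a trusted brand name but sit on a different registrable domain. The two-label domain simplification and every sample hostname other than the two named in the article are assumptions.

```python
import re

# novaleads.app is the genuine domain named in the article; add your own brands.
TRUSTED = {"novaleads.app"}

def refang(host):
    """Lower-case a hostname and undo '[.]' defanging."""
    return host.lower().replace("[.]", ".").strip(".")

def registrable(host):
    # Assumption: two-label registrable domains. Use the Public Suffix List
    # in production to handle suffixes such as co.uk.
    return ".".join(host.split(".")[-2:])

def squash(text):
    """Drop separators so 'nova-leads' and 'novaleads' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, trusted=TRUSTED):
    host = refang(host)
    reg = registrable(host)
    if reg in trusted:
        return "trusted"
    label = squash(reg.split(".")[0])
    subdomains = squash(host[: -len(reg)])
    for good in trusted:
        brand = squash(good.split(".")[0])
        if brand in label:                      # brand + extra token, or another TLD
            return "lookalike:brand-plus-extra"
        if edit_distance(label, brand) <= 2:    # tune for short brand names
            return "lookalike:near-spelling"
        if brand in subdomains:                 # brand used as a subdomain elsewhere
            return "lookalike:brand-in-subdomain"
    return "unrelated"

# Constructed sample hostnames, as they might appear in proxy or DNS logs.
SAMPLE = ["www.novaleads.app", "novaleadsai[.]com", "novaleads.com",
          "n0valeads.app", "novaleads.app.login.example.net", "example.org"]

def scan(hosts=SAMPLE):
    return {h: classify(h) for h in hosts}
```

Calling `scan()` returns a verdict per hostname; anything starting with `lookalike:` is worth reviewing against the brand's actual domain inventory before blocking.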
Including legitimate tools in the SFX archive may help the malware evade detection by anti-malware file scanners, experts warn.
Lastly, the newly identified malware, Numero, impersonates the installer for InVideo AI, an AI video creation tool widely used for marketing videos, social media content, explainer videos, and presentations. Numero manipulates the graphical user interface (GUI) components of victims' Windows operating systems, rendering them entirely dysfunctional.
- Cybersecurity researchers are cautioning businesses about the growing threat of malware masquerading as AI tools: cyber criminals distribute malware-laden AI tool installers and even create fake AI solution websites to infiltrate the data and cloud computing sectors.
- As technology advances, cybercriminals are employing increasingly creative tactics, such as impersonating popular AI solutions and bundling legitimate AI tools with their malware, making the malware harder for defenders to detect and counteract.