Cybercriminals are now disguising malware as popular AI tools and B2B platforms to target the tech, sales, and marketing industries, according to new findings by Cisco Talos.
In its latest threat research, Cisco Talos uncovered three major malware strains—CyberLock, Lucky_Gh0$t, and a newly identified threat called ‘Numero’—being distributed under the guise of legitimate AI software installers.
Chetan Raghuprasad, a cybersecurity researcher at Cisco Talos, revealed that attackers are deploying a mix of techniques, including SEO poisoning to manipulate search rankings, to lure victims to malicious sites. In addition to search engines, threat actors are also using Telegram and various social media messaging apps to expand their reach.
One example cited in the report involves a fake domain, novaleadsai[.]com, mimicking the real B2B lead platform novaleads.app, in an attempt to trick users into downloading infected files. CyberLock ransomware, hidden within these downloads, encrypts selected files and demands a $50,000 ransom—claiming the payment will support humanitarian causes in regions like Palestine, Ukraine, Africa, and Asia.
Another case involves Lucky_Gh0$t, a Yashma ransomware variant, disguised as a ChatGPT installer named "ChatGPT 4.0 full version – Premium.exe". The malware was bundled in a malicious SFX archive alongside real Microsoft open-source AI tools, increasing the chances of bypassing antivirus scans.
Meanwhile, the newly discovered malware, Numero, poses a different kind of threat by corrupting the graphical interface of Windows systems, effectively making them unusable. This strain is being circulated as a fake installer for InVideo AI—a tool commonly used to create marketing and social media videos.
Cisco Talos emphasized that these tactics are highly deceptive, putting businesses at risk of data breaches, financial loss, and diminished trust in authentic AI solutions.
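The lookalike domain described above (novaleadsai[.]com imitating novaleads.app) can be caught by comparing host names seen in proxy or DNS logs against the vendors an organization actually uses. The sketch below is an added example, not code from Cisco Talos or the report; the function names, the 0.8 similarity threshold, the two-label base-domain shortcut and the sample host list are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Legitimate domain named in the article; extend with your own vendors.
LEGIT_DOMAINS = {"novaleads.app"}


def refang(host):
    """Undo '[.]' defanging and normalise case and trailing dot."""
    return host.replace("[.]", ".").lower().rstrip(".")


def base_domain(host):
    """Last two labels of the host name.
    Assumption: no multi-label public suffixes such as 'co.uk';
    use the Public Suffix List in production."""
    return ".".join(host.split(".")[-2:])


def classify(host, legit=LEGIT_DOMAINS, threshold=0.8):
    """Return 'legit', 'lookalike:embeds-brand', 'lookalike:similar' or 'unrelated'."""
    base = base_domain(refang(host))
    if base in legit:
        return "legit"
    label = base.split(".")[0]
    for good in legit:
        brand = good.split(".")[0]
        # Brand name padded with extra text, as in the article's example.
        if brand in label:
            return "lookalike:embeds-brand"
        # Near-miss spellings (swapped or substituted characters).
        if SequenceMatcher(None, brand, label).ratio() >= threshold:
            return "lookalike:similar"
    return "unrelated"


def flag_hosts(hosts):
    """Map each host judged a lookalike to its verdict."""
    verdicts = {h: classify(h) for h in hosts}
    return {h: v for h, v in verdicts.items() if v.startswith("lookalike")}


# Constructed sample of host names, as they might appear in proxy or DNS logs.
SAMPLE_HOSTS = ["app.novaleads.app", "novaleadsai[.]com",
                "novaieads.app", "example.org"]

if __name__ == "__main__":
    for host, verdict in flag_hosts(SAMPLE_HOSTS).items():
        print(f"{host}: {verdict}")
```

A flagged host is a lead for review rather than a verdict, since resellers and regional sites can legitimately embed a brand name.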
News Source: ITPro.com