Cybercriminals exploit AI hype to spread ransomware, malware

Cybercriminals are increasingly capitalizing on the excitement surrounding artificial intelligence by using AI-themed ploys to propagate ransomware and malware. This trend, which began with sophisticated threat actors, involves leveraging AI tools as bait to deliver harmful payloads to unsuspecting users. This method has been particularly proliferated by operators involved in ransomware and information-stealing malware as they target corporate networks.

Research by Cisco Talos has identified smaller ransomware groups like CyberLock, Lucky_Gh0$t, and a new malware called Numero that are adopting these tactics. These groups exploit search engine optimization (SEO) manipulation and malicious advertising to rank their harmful sites higher in search engine results, making them more likely to be accessed by potential victims.

An instance of such deception involves CyberLock ransomware presented through a deceptive AI tool website, impersonating a credible site and tempting users with a free subscription. Once executed, the ransomware encrypts files on the victim’s device, demanding a hefty ransom paid in Monero cryptocurrency under the guise of supporting humanitarian efforts globally.

Similarly, the Lucky_Gh0$t ransomware, derived from previous malicious software strains, is distributed as a phony ChatGPT installer that performs file encryption and demands ransom through secure messaging platforms. Numero, on the other hand, masquerades as an installer for InVideo AI and primarily aims to disrupt Windows systems by endlessly altering the graphical user interface, resulting in a locked and unusable state.

Given the rising interest in AI, these strategies signify a growing threat where cybercriminals exploit this fascination to deceive individuals into downloading malicious software. Users are advised to download only from official sources and remain vigilant against seemingly enticing but dubious AI tool offers found online.