- Fake AI tools climb search rankings to spread ransomware and malware
- Cybercriminals target technology, marketing and B2B users with cloned installers
- Talos has discovered threats that use brand impersonation and search manipulation tactics
Cybercriminals already use AI to make phishing emails more convincing, and now they are manipulating search engine results to spread malware disguised as AI tools.
New research by Cisco Talos says that these fake downloads appear to be legitimate software, are often promoted via search engines and social platforms, and mainly target users in the technology, marketing and B2B industries.
Talos recently discovered several threats distributed in this way, including the Cyberlock and Lucky_GH0$T ransomware families, as well as a new destructive malware called Numero.
SEO manipulation
Talos says that these threats use familiar branding, fake websites and misleading metadata to lure users into downloading and executing infected software.
In one case, the attackers created a clone of a known AI service, “innovaleads”, and used SEO manipulation to rank the fake site near the top of search results.
When victims downloaded what seemed to be the legitimate installer, it executed Cyberlock ransomware, written in PowerShell, which encrypted targeted files and demanded a ransom of $50,000 in Monero. The ransom note claimed that the payment would fund humanitarian aid.
Lucky_GH0$T ransomware, another discovery, was bundled with real Microsoft AI tools inside a self-extracting archive called “Chatgpt 4.0 full version – Premium.exe”. Once executed, it encrypted files smaller than 1.2 GB and deleted or corrupted larger ones.
The newly identified malware, Numero, is particularly destructive. Disguised as an AI video tool installer, it repeatedly runs a loop that corrupts the Windows interface by overwriting graphical interface elements with numeric strings, making systems unusable.
These campaigns exploit the growing demand for AI software and target the sectors most likely to adopt these tools quickly. With data centers, companies and individuals increasingly dependent on AI platforms, the potential damage from these threats is growing.
Talos warns users to be careful when searching for AI tools online and to download software only from trusted vendors.
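One way a defender could check the "trusted vendor" advice on files that have already been downloaded, as an added example that is not from Talos or the original article: it reads the Zone.Identifier stream (Mark of the Web) that Windows browsers commonly attach to downloads and compares the recorded download host with an allowlist for the brand named in the file. The allowlist contents, the verdict labels and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist maintained by the defender, brand keyword -> official
# download hosts. Verify entries with the vendor before relying on them.
OFFICIAL_HOSTS = {"chatgpt": {"openai.com", "chatgpt.com"}}


def parse_zone_identifier(text):
    """Return key/value pairs from the [ZoneTransfer] section of a
    Zone.Identifier stream (the Mark of the Web on downloaded files)."""
    fields, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


def is_official(host, official):
    """True if host equals an official host or is a subdomain of one."""
    return any(host == o or host.endswith("." + o) for o in official)


def triage(filename, zone_text):
    """Classify a downloaded installer by brand name vs. download origin."""
    name = "".join(c for c in filename.lower() if c.isalnum())
    brand = next((b for b in OFFICIAL_HOSTS if b in name), None)
    if brand is None:
        return "no-brand-in-name"
    host_url = parse_zone_identifier(zone_text).get("hosturl", "")
    host = (urlsplit(host_url).hostname or "").rstrip(".")
    if not host:
        return "unknown-origin"      # Mark of the Web missing or stripped
    if is_official(host, OFFICIAL_HOSTS[brand]):
        return "official"
    if brand in host.replace("-", "").replace(".", ""):
        return "lookalike-host"      # brand name on a host the vendor does not own
    return "unofficial-host"


# Constructed samples; the file name is the lure quoted in the article.
LURE = "Chatgpt 4.0 full version – Premium.exe"
MOTW_FAKE = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://chatgpt-premium.example/dl/setup.zip\n"
MOTW_REAL = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://cdn.openai.com/app/setup.exe\n"

if __name__ == "__main__":
    for motw in (MOTW_FAKE, MOTW_REAL, ""):
        print(triage(LURE, motw))
```

Any verdict other than "official" on a brand-named installer is a reason to quarantine the file and check it before anyone runs it.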