Date: 2025-05-30

Threat actors have been using bogus installers for several artificial intelligence platforms to deliver the CyberLock and Lucky_Gh0$t ransomware payloads, as well as the novel Numero malware, The Hacker News reports.
CyberLock, which has been spread through a website impersonating the NovaLeads lead monetization platform, features privilege escalation and file encryption capabilities. Targets are told to pay a $50,000 ransom in Monero, which the attackers claim would be given to support women and children in Palestine and other countries impacted by human rights injustices, according to an analysis from Cisco Talos. Another attacker used a counterfeit installer for ChatGPT Premium to lure targets into downloading the Lucky_Gh0$t ransomware, a Yashma ransomware variant that encrypts files smaller than 1.2 GB. The Numero malware, meanwhile, has been distributed through a fake installer for the AI-powered video creation tool InVideo AI. These findings come after Mandiant reported that various malicious payloads had been spread via fake AI video generation websites promoted through Facebook and LinkedIn ads.