- Fake search rankings are spreading ransomware and malware
- Cybercriminals are targeting technology, marketing and B2B users with cloned installers
- Talos has discovered threats that use brand trickery and search manipulation tactics
Cybercriminals are already using AI to make phishing emails more convincing, and are now manipulating the results of search engines to spread malware disguised as AI tools.
New research from Cisco Talos states that these fake downloads appear to be legitimate software, are often promoted through search engines and social platforms, and predominantly target users in the technology, marketing and B2B sales industries.
Talos recently discovered several threats distributed this way, including the CyberLock and Lucky_Gh0$t ransomware, as well as a new destructive malware called Numero.
SEO manipulation
Talos says that these threats use familiar brands, fake websites and deceptive metadata to trick users into downloading and executing infected software.
In one case, the attackers created a clone of a known AI service, “Novaleads”, and used SEO manipulation to rank the fake site near the top of the search results.
When victims downloaded what appeared to be the legitimate installer, they instead received the CyberLock ransomware, written in PowerShell, which encrypted targeted files and demanded a ransom of $50,000 in Monero. The ransom note falsely claimed that the payment would fund humanitarian aid.
Lucky_Gh0$t ransomware, another discovery, was bundled with real Microsoft AI tools inside a self-extracting file called “full version of Chatgpt 4.0 – Premium.exe”. Once executed, it encrypted files smaller than 1.2GB and deleted or corrupted larger ones.
The newly identified malware, Numero, is especially destructive. Posing as an installer for an AI video tool, it repeatedly runs a loop that corrupts the Windows interface by overwriting GUI elements with numeric strings, rendering systems unusable.
These campaigns exploit the growing demand for AI software and target the sectors most likely to adopt these tools quickly. With data centers, companies and individuals increasingly dependent on AI platforms, the potential damage from such threats is growing.
Talos warns users to be cautious when searching for tools online and to download only from trusted suppliers.