Published Date: 30/05/2025
Cybercriminals are exploiting the growing popularity of artificial intelligence (AI) tools by distributing malware-laden installers that pose as legitimate software. These fake installers are being used to propagate various threats, including the CyberLock and Lucky_Gh0$t ransomware families, as well as a new destructive malware called Numero.
According to a report by Cisco Talos researcher Chetan Raghuprasad, CyberLock is a PowerShell-based ransomware that focuses on encrypting a specific set of file types on the victim's system. Lucky_Gh0$t is a variant of the Yashma ransomware, which is itself the sixth iteration of the Chaos ransomware series; it differs from Yashma only by minor modifications to the ransomware binary.
Numero, on the other hand, is a destructive malware that impacts victims by manipulating the graphical user interface (GUI) components of their Windows operating system, rendering the machines unusable. The cybersecurity company noted that the legitimate versions of the AI tools are popular in the business-to-business (B2B) sales domain and the marketing sector, suggesting that individuals and organizations in these industries are the primary targets of the threat actors behind the campaign.
One such fake AI solution website is 'novaleadsai[.]com,' which likely impersonates the lead monetization platform NovaLeads. The site is suspected to be promoted through search engine optimization (SEO) poisoning to artificially boost its ranking in search results. Visitors are urged to download the product with the promise of free access for the first year and a $95 monthly subscription thereafter. What is actually downloaded is a ZIP archive containing a .NET executable ('NovaLeadsAI.exe') compiled on February 2, 2025, the same day the bogus domain was created. The binary acts as a loader that deploys the PowerShell-based CyberLock ransomware.
If it is not already running with administrative privileges, the ransomware escalates and re-executes itself elevated. It then encrypts files on the 'C:\,' 'D:\,' and 'E:\' drives whose extensions match a hard-coded list and drops a ransom note demanding a $50,000 payment in Monero into two wallets within three days. The note claims the payments will be used to support women and children in Palestine, Ukraine, Africa, Asia, and other regions where 'injustices are a daily reality.'
As a final step, the ransomware runs the living-off-the-land binary (LoLBin) 'cipher.exe' with the '/w' option, which overwrites all free space on the volume so that the deleted originals of the encrypted files cannot be recovered forensically. Note that cipher.exe /w is also a legitimate administrative command, so its appearance is best read in context, for example following mass file modification or the creation of a ransom note.
Talos also observed a threat actor distributing the Lucky_Gh0$t ransomware under the guise of a fake installer for a premium version of ChatGPT. The malicious SFX installer included a folder containing the Lucky_Gh0$t ransomware executable under the filename 'dwn.exe,' chosen to resemble the legitimate Microsoft executable 'dwm.exe.' The same folder also held legitimate Microsoft open-source AI tools published on Microsoft's GitHub for developers and data scientists working with AI, particularly within the Azure ecosystem.
If the victim runs the malicious SFX installer, the SFX script executes the ransomware payload. As a Yashma variant, Lucky_Gh0$t first deletes volume shadow copies and backups and then encrypts files smaller than roughly 1.2 GB. The ransom note dropped at the end of the attack contains a unique personal decryption ID and instructs victims to contact the threat actor through the Session messaging app to pay the ransom and obtain a decryptor.
Threat actors are also cashing in on the growing use of AI tools by seeding the online landscape with a counterfeit installer for InVideo AI, an AI-powered video creation platform, to deploy the destructive malware codenamed Numero. The fraudulent installer serves as a dropper containing three components: a Windows batch file, a Visual Basic Script, and the Numero executable. When the installer is launched, the batch file is run through the Windows shell in an infinite loop, which, in turn, executes Numero and then temporarily halts it for 60 seconds by running the VB script via cscript.
Once the pause ends, the batch file terminates the Numero process and launches it again; because the batch file loops indefinitely, Numero is kept running on the victim machine continuously. Numero itself is a 32-bit Windows executable written in C++, compiled on January 24, 2025. It checks the running processes for malware analysis tools and debuggers and then overwrites the desktop window's title, buttons, and contents with the numeric string '1234567890.'
The disclosure comes as Google-owned Mandiant revealed details of a malvertising campaign that uses malicious ads on Facebook and LinkedIn to redirect users to fake websites impersonating legitimate AI video generator tools such as Luma AI, Canva Dream Lab, and Kling AI. The activity, also exposed by Morphisec and Check Point earlier this month, has been attributed to a threat cluster Mandiant tracks as UNC6032, which is assessed to have a Vietnam nexus and has been active since at least mid-2024.
Q: What are the main types of malware being spread through fake AI tool installers?
A: The main types of malware being spread through fake AI tool installers include CyberLock ransomware, Lucky_Gh0$t ransomware, and Numero destructive malware.
Q: How do cybercriminals lure users into downloading these fake installers?
A: Cybercriminals set up websites that impersonate the real products and promote them through SEO poisoning and, in the related campaign reported by Mandiant, paid ads on Facebook and LinkedIn. In the NovaLeads case, the site lured visitors with free access for the first year followed by a $95 monthly subscription; in the ChatGPT and InVideo AI cases, the installers were presented as premium or official versions of the tool.
Q: What is the impact of the Numero malware on infected systems?
A: Numero is a destructive malware that manipulates the graphical user interface (GUI) components of the Windows operating system, rendering the machine unusable by overwriting the desktop window's title, buttons, and contents with a numeric string.
Q: How can users protect themselves from these fake AI tool installers?
A: Download AI tools only from the vendor's official site, reached by typing its address rather than by clicking a search result or a social media ad, since this campaign relies on SEO poisoning and malvertising. Treat ZIP archives and self-extracting installers from unfamiliar domains with suspicion, check the publisher's digital signature before running an installer, keep reputable endpoint protection and operating system patches current, and maintain offline backups, since Lucky_Gh0$t deletes volume shadow copies before encrypting.
Q: What is the ransom demand for the CyberLock ransomware?
A: The ransom demand for the CyberLock ransomware is $50,000, which must be paid in Monero within three days. The threat actors claim that the payments will be used to support women and children in various regions affected by injustices.