Cybercriminals Masquerade as AI Tools to Spread Destructive Malware

  • Cybercriminals are disguising ransomware and malware as fake AI software installers to exploit users seeking popular tools like ChatGPT or InVideo AI.
  • Experts warn users to verify download sources carefully, as these attacks can encrypt files, steal data, or disable systems entirely.

AI Hype Becomes Bait for Ransomware and Malware Attacks

The growing fascination with artificial intelligence has opened new doors — not just for innovation, but also for cybercrime. According to Cisco Talos, malicious actors are capitalizing on the popularity of AI by distributing ransomware and malware through fake AI software installers.

These threats are disguised behind convincingly designed websites that mimic legitimate AI platforms, often differing by just a letter or two in their domain names. Once installed, the software delivers malware, including CyberLock ransomware and a destructive new variant called “Numero,” which disables Windows machines entirely.
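
A defender can screen for such lookalike domains before a download is allowed. The following sketch is an added example, not code from Talos or from the original article: it compares a download host against an allowlist and flags names within two edits of a trusted domain. The allowlist entries and sample hosts are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed allowlist of verified download domains (placeholder names, not real vendors).
TRUSTED = {"exampleai.com", "videotool.io"}
MAX_EDITS = 2  # "a letter or two", as the article describes

def normalize(host: str) -> str:
    """Refang '[.]', lowercase, and drop scheme, path, userinfo, port, trailing dot."""
    host = host.strip().lower().replace("[.]", ".")
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)
    host = re.split(r"[/?#]", host, maxsplit=1)[0]
    host = host.rsplit("@", 1)[-1].split(":", 1)[0]
    return host.rstrip(".")

def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap adjacent characters) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(host: str, trusted=TRUSTED, max_edits=MAX_EDITS):
    """Return (verdict, matched trusted domain or None) for a download host or URL."""
    h = normalize(host)
    for t in sorted(trusted):
        if h == t or h.endswith("." + t):
            return "trusted", t
    best = None
    for t in sorted(trusted):
        if "." + t + "." in "." + h + ".":   # trusted name used as a subdomain prefix
            return "lookalike", t
        # Compare only as many trailing labels as the trusted domain has.
        tail = ".".join(h.split(".")[-(t.count(".") + 1):])
        d = edit_distance(tail, t)
        if d <= max_edits and (best is None or d < best[0]):
            best = (d, t)
    return ("lookalike", best[1]) if best else ("unknown", None)

if __name__ == "__main__":
    # Constructed sample inputs.
    for s in ["https://www.exampleai.com/download", "hxxps://exampleal[.]com/setup.exe",
              "exmapleai.com", "exampleai.com.downloads.example.net", "unrelated-site.org"]:
        print(s, "->", classify(s))
```

Only a "trusted" verdict means the host is on the allowlist; "unknown" is not a pass and should still be blocked or reviewed under a default-deny download policy.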

CyberLock Demands Ransom with a Side of Deception

CyberLock ransomware has emerged as a particularly dangerous threat in this campaign. Delivered through a fake NovaLeads AI site (novaleadsai[.]com), it mimics the branding of a legitimate digital agency. Victims are enticed with promises of free access to a business tool, only to end up with ransomware that encrypts files and demands a $50,000 ransom in Monero cryptocurrency.

The ransomware also elevates its privileges to maximize its reach and damage. The attackers claim that the ransom will be used to fund humanitarian efforts — a manipulation tactic Talos researcher Chetan Raghuprasad dismisses as psychological propaganda.

Other Threats Mimic ChatGPT and InVideo AI

In another instance, attackers used a phony “ChatGPT 4.0 Premium” installer to deploy a variant of the Yashma ransomware known as Lucky_Gh0$t. This malware can bypass antivirus systems, delete backups, and encrypt files using AES-256 and RSA-2048 standards.

A third discovery involves the malware “Numero,” which comes hidden in a fake InVideo AI installer. This malware corrupts the victim’s system by running a Windows “doomloop” — rendering the machine inoperable.

Stay Vigilant — AI Freebies Can Come at a Cost

Security experts warn users, especially in small businesses and the B2B sector, to verify the source of any AI tools they download. A moment of carelessness could lead to severe data loss, encryption, or full system failure.
