Malware-Laden Installers Disguised as Popular Tools Threaten AI User Security

Fake installers for widely-used artificial intelligence (AI) tools, including OpenAI ChatGPT and InVideo AI, are being exploited to spread a variety of threats, among which are CyberLock and Lucky_Gh0$t ransomware variants, alongside a new malware known as Numero.

CyberLock ransomware, crafted in PowerShell, concentrates on encrypting designated files within the victim’s system. Similarly, Lucky_Gh0$t, which is a variant of the Yashma ransomware from the Chaos ransomware lineage, contains only minor alterations compared to its predecessors.

In contrast, Numero is a damaging form of malware that disrupts users by manipulating the graphical user interface components of Windows, effectively rendering infected systems non-functional.

The popularity of legitimate AI tools within the B2B sales and marketing sectors has attracted threat actors targeting individuals and organizations in these fields. An example of a fraudulent AI solution is the domain “novaleadsai[.]com,” which likely masquerades as a lead monetization platform named NovaLeads. It is believed that the site is enhanced through search engine optimization poisoning methods aimed at artificially inflating its visibility in search engine results.

Users are prompted to download a supposedly free product for the first year, with an extremely high subscription fee of $95 per month subsequently. However, the actual download consists of a ZIP archive containing a .NET executable named “NovaLeadsAI.exe,” which was compiled on the same day the domain was registered. This executable operates as a loader, subsequently deploying the CyberLock ransomware.

The ransomware is designed to elevate its privileges and to execute itself with administrative permissions if necessary. It targets and encrypts files in partitions “C:,” “D:,” and “E:” according to specific file types, before leaving a ransom note demanding a payment of $50,000 in Monero, within a three-day period.

Notably, the ransom note includes claims that the funds will be allocated to assist women and children in conflict-affected areas around the globe. The communication states: “This amount is minimal compared to the innocent lives that face dire consequences, especially children.”

Additionally, the threat actor employs the living-off-the-land binary “cipher.exe” with the “/w” option to overwrite available unused disk space on the drives, impeding any potential forensic recovery efforts of deleted files.

Research from Cisco Talos also highlighted the distribution of LuckyGh0$t ransomware disguised as a counterfeit installer for a premium version of ChatGPT. This malicious SFX installer includes various files, including a frequency of the LuckyGh0$t executable represented as ‘dwn.exe,’ which mimics the legitimate Microsoft process ‘dwm.exe.’

Should victims execute the malicious installer, the SFX script runs the ransomware payload, which specifically targets files less than 1.2GB in size and eliminates volume shadow copies and backups before commencing encryption.

The ransom note associated with this ransomware variant instructs victims to contact the attackers through the Session messaging app to negotiate decryption once they have made the demanded payment.

The exploitation of the surge in AI tool usage has also led to the emergence of a fake installer for InVideo AI, distributing the destructive malware known as Numero. This installer functions as a dropper containing a Windows batch file, a Visual Basic Script, and the Numero executable. Upon activation, the batch file initiates an infinite loop, executing and periodically pausing the Numero malware.

Numerically encoded within its process, Numero is a 32-bit executable developed in C++, designed to operate silently while suppressing its interface, instead of corrupting the desktop environment through the alteration of window titles.

Additionally, a recent report from Google-owned Mandiant unveiled a broader malvertising operation leveraging ads on platforms such as Facebook and LinkedIn to direct users to spoofed websites representing authentic AI video generation tools like Luma AI and Canva Dream Lab.

This malicious campaign has been linked to a threat actor group identified by Mandiant as UNC6032, believed to have connections to Vietnam. The operation has been active at least since mid-2024 and aims at deceiving unsuspecting users into generating videos, subsequently downloading a Rust-based dropper known as STARKVEIL.

This dropper is responsible for deploying various modular malware families designed for data exfiltration and is built to ensure that some components remain operational, even if certain transmissions are detected and blocked.

Among the payloads delivered by STARKVEIL are:
– GRIMPULL: A downloader utilizing a TOR tunnel to retrieve additional .NET payloads.
– FROSTRIFT: A backdoor facilitating the collection of system details and scanning for sensitive browser extensions.
– XWorm: A remote access trojan equipped with capabilities for keylogging, command execution, and user notifications.

Furthermore, STARKVEIL acts as a facilitator for another Python-based dropper named COILHATCH to activate these payloads via DLL side-loading.

Amidst the susceptibility of users to counterfeit AI tools, Mandiant emphasizes that the allure of new technologies can compromise even the most cautious individuals, perpetuating the risks associated with such nefarious schemes.