
Watch Out for Fake AI Tools Hiding Ransomware

Cybercriminals are taking advantage of the rising interest in artificial intelligence by hiding ransomware inside software that appears to be legitimate AI business tools, recent security findings reveal. 

This growing threat is aimed particularly at small businesses and entrepreneurs looking to adopt AI solutions, exposing them to significant risks at the intersection of innovation and cybersecurity. 

Security researchers have uncovered campaigns in which malware is disguised within software mimicking trusted services like ChatGPT, Nova Leads, and InVideo AI. These attacks not only jeopardize sensitive business data and financial resources but also erode confidence in genuine AI technologies, potentially discouraging adoption. 

According to Malwarebytes, several carefully coordinated attack patterns have been identified, underscoring the strategic nature of these operations. Threat actors have employed search engine optimization (SEO) poisoning to boost the visibility of their fake websites, increasing the chances of deceiving unsuspecting users. 

In one case, attackers created a fake site modeled after Nova Leads, promoting a fraudulent “Nova Leads AI” product with a free one-year trial. Users who downloaded the tool instead activated CyberLock ransomware, which demanded $50,000 in cryptocurrency while falsely claiming the ransom would support humanitarian causes in regions like Palestine and Ukraine. 

Another example involved the Lucky_Gh0$t ransomware, spread through a file titled “ChatGPT 4.0 full version – Premium.exe.” To evade detection, the file included genuine Microsoft open-source AI tools, making the malicious software appear credible. 

Infection Mechanism Overview 

These attacks rely on a mix of social engineering and advanced technical evasion. The fake ChatGPT installer, in particular, uses authentic Microsoft components within the malware package to create a blended executable. This strategy allows the ransomware to pass early security checks while maintaining a persistent presence on the system. 

The tactics reflect an increasing level of sophistication in ransomware distribution, showing how cybercriminals are evolving to bypass traditional defenses and exploit trust in emerging technologies. 
