
Cybercriminals camouflaging threats as AI tool installers

Cisco Talos has discovered new threats, including the ransomware CyberLock, Lucky_Gh0$t, and a newly discovered malware we call “Numero,” all of which masquerade as legitimate AI tool installers.

CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim’s system. The threat actor deceitfully claims in the ransom note that the payments will be allocated for humanitarian aid in various regions, including Palestine, Ukraine, Africa and Asia.

Lucky_Gh0$t ransomware is yet another variant of the Yashma ransomware, itself the sixth iteration of the Chaos ransomware series, and features only minor modifications to the ransomware binary.

The newly identified destructive malware, Numero, affects victims by manipulating the graphical user interface (GUI) components of their Windows OSs, rendering systems completely unusable.

To read the complete article see: Full Article

This post is licensed under CC BY 4.0 by the author.