Cybercriminals are using fake AI tools and search engine optimization (SEO) tricks to distribute ransomware and malware, according to new research from Cisco Talos. The campaigns target professionals in technology, marketing, and B2B sales—sectors that are rapidly adopting AI solutions.
Malware Disguised as Legitimate AI Downloads
Talos found that attackers are creating fake websites that mimic well-known AI platforms. These sites use deceptive SEO techniques to rank high in search results, tricking users into downloading malicious software.
One such campaign involved a fake version of the AI platform “NovaLeads.” Victims who downloaded the installer instead ran a PowerShell-based variant of the CyberLock ransomware, which encrypted their files and demanded a $50,000 ransom in Monero. The attackers falsely claimed the ransom would be used for humanitarian aid.
Another threat, the Lucky_Gh0$t ransomware, was bundled with a fake Microsoft AI app. Disguised as “ChatGPT 4.0 Full Version – Premium.exe,” it encrypted files smaller than 1.2GB and damaged larger ones upon execution.
A newly discovered malware, Numero, poses an even greater threat. It pretends to be an AI video tool installer but instead corrupts the Windows interface by endlessly overwriting graphical elements with numeric strings, rendering systems unusable.
Rising Risks Amid AI Adoption
These attacks reflect a growing trend: cybercriminals leveraging the surge in demand for AI to distribute malware through search manipulation and brand impersonation. As businesses and individuals increasingly turn to AI platforms, Talos warns the risk of such attacks will continue to rise.
The report urges users to verify software sources and adopt strong cybersecurity practices, especially in industries rapidly integrating AI technologies.