Fake AI Business Tools Spreading Hidden Ransomware
As small businesses increasingly adopt artificial intelligence (AI) tools to streamline operations, cybercriminals are seizing the opportunity to deploy ransomware through deceptive campaigns.
According to a recent report by Cisco Talos, attackers are masquerading as legitimate AI software providers, embedding malware within counterfeit applications that mimic popular services.
With 98% of small businesses using at least one AI-powered product and 40% leveraging generative AI, as per a survey by the US Chamber of Commerce and Teneo, these malicious lures represent a growing threat to sole proprietors and boutique firms.
Cisco Talos researchers warn that such tactics not only jeopardize sensitive data and financial assets but also erode trust in the legitimate AI market.
Cybercriminals Exploit AI Popularity
The sophistication of these attacks is evident in how cybercriminals craft fake websites and software installers that closely resemble trusted brands.
In one instance, a malicious website imitated Nova Leads, a lead monetization service, offering a fictitious “Nova Leads AI” product with a deceptive “free access” promise for 12 months.
Upon installation, users unknowingly deployed CyberLock ransomware, which spreads across networks and leaves a ransom note demanding $50,000 in cryptocurrency.
According to a Malwarebytes report, the attackers falsely claimed altruistic motives, stating the payment supports affected populations in conflict zones.
Adding to the danger, the fraudulent site exploited SEO poisoning techniques to rank high in search results, increasing the likelihood of unsuspecting victims stumbling upon it.
Similarly, another attack disguised Lucky_Gh0$t ransomware as “ChatGPT 4.0 full version Premium.exe,” bundling legitimate open-source AI tools from Microsoft within the installer to evade antivirus detection. In this case the attackers candidly demanded money without any pretense of noble intent.
Emerging Threats
A third campaign uncovered by Talos introduced a new malware dubbed “Numero,” embedded in software mimicking InVideo AI, a popular video generation tool.
While not classified as ransomware, Numero renders systems unusable, posing a severe operational threat.
These incidents highlight a broader trend of cybercriminals capitalizing on the AI boom, targeting small businesses eager to adopt innovative solutions.
The dual risk lies in both the immediate compromise of systems and the long-term damage to confidence in digital tools essential for modern business growth.
Protecting small businesses from such threats requires a proactive stance on cybersecurity.
To prioritize prevention, firms should patch vulnerabilities in internet-facing software and secure remote access tools such as RDP and VPNs, either with strong credentials or by disabling unused services.
Deploying always-on endpoint protection software can intercept threats before they infiltrate networks, while maintaining offsite, offline backups ensures data recovery without paying ransoms.
Regular testing of these backups is critical to swift restoration. Finally, after an attack, thorough removal of all traces of malware and attacker entry points is essential to prevent recurrence.
By staying vigilant and adopting these technical safeguards, small businesses can navigate the digital landscape with greater resilience against the evolving menace of ransomware hidden behind the promise of AI innovation.