Talos reports malware claiming to be legitimate AI Tools
Cisco Talos has posted an interesting article about a new approach that they’re seeing criminals use to spread malware, specifically CyberLock, Lucky_Gh0$t and an interesting newcomer to the field that they’re calling “Numero”. The article does a fantastic job of summarizing the three malware packages, their delivery methods and their structure, so I don’t want to belabor that here, but I do want to highlight the obvious. In the same way that everyone seems to be noticing AI and jumping on the AI bandwagon, criminals and threat actors are also noticing the massive target pool that AI is drawing and finding ways to attack those targets. They’re using an interesting mixture of tech (software) and social engineering (SEO manipulation, effectively an appeal to authority) to lure targets eager to leverage the latest and greatest in AI into downloading and installing their wares.
Attacking systems by luring the target into clicking on and running malicious software is nothing new (think Elf Bowling), but the eagerness with which some people are diving headlong into AI is new, and it’s being targeted quite effectively by these criminals. Talos distilled it as well as I believe it can be distilled in their article by noting “…organizations and users must exercise extreme caution, meticulously verify sources, and rely exclusively on reputable vendors to avoid falling prey to these threats…”.
Some good news for customers with a FortiGate (and likely most modern firewalls): the domain ‘novaleadsai[.]com’ is already blocked by FortiGuard’s web filter, so connections to this domain should be blocked by default. Remote devices that aren’t behind the firewall, however, could still be easy targets.
Additional Info:
- Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools
- Crims defeat human intelligence with fake AI installers they poison with ransomware
- Cybercriminals exploit AI hype to spread ransomware, malware
Need IT Support for your Home or Business? We’d love to help!
Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses’ needs and the challenges that we face, and who can work with you to grow your business rather than just sell you time?
Cyber Tech Cafe is an IT Service Company with a focus on helping small to medium businesses get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as-needed support if you just need a quick fix or an extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.), that are priced on the number of workstations and servers that you have, and that have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without a contract saying that you have to.
If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.