Fake AI Installers Spread Ransomware and Data-Wiping Malware

Bogus apps hide CyberLock and Lucky_Gh0$t ransomware

A wave of fake AI installers that pretend to be popular artificial-intelligence tools is making the rounds online, and security researchers warn that they are carrying far more than productivity promises. Analysts at Cisco Talos say the phony downloads bundle a pair of ransomware strains—CyberLock and Lucky_Gh0$t—that quietly scramble victims’ files and demand hefty cryptocurrency payments for the key.

CyberLock is built in PowerShell and goes straight for the files on the computer’s C, D and E drives. If the malicious program finds itself running with ordinary user rights, it tries to relaunch with full administrative privileges before locking up documents, pictures and other data. Victims then see a ransom note ordering them to send 50,000 dollars in Monero within three days. The note claims, with an air of moral justification, that the money will be forwarded to children and families caught in conflicts and disasters in places such as Palestine, Ukraine, and parts of Africa and Asia. Once the message appears, the ransomware invokes the legitimate Windows utility “cipher.exe” to wipe unused disk space, making file recovery by investigators considerably harder.

Lucky_Gh0$t, meanwhile, is a fresh spin on the long-running Chaos ransomware lineage (also known as Yashma in earlier versions). Hidden inside a self-extracting archive that masquerades as a premium ChatGPT installer, Lucky_Gh0$t aims for files smaller than about 1.2 gigabytes. Before it starts encrypting, it deletes shadow copies and backups, stripping away common recovery methods. The attackers label the malicious executable “dwn.exe,” a subtle play on Microsoft’s genuine “dwm.exe,” likely to deter casual inspection.
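The behaviours described for CyberLock (wiping free space with cipher.exe) and Lucky_Gh0$t (deleting shadow copies, running as a "dwn.exe" look-alike of dwm.exe) are the kind of thing an endpoint detection rule can key on. The following is an added detection sketch, not Talos's code: it runs over constructed process-creation records in an invented "parent -> image cmdline" format, and the exact cipher.exe and vssadmin command lines it matches are assumptions, since the article only names the effects.

```python
import os
import re
from dataclasses import dataclass

@dataclass
class Finding:
    rule: str
    line: str

# Constructed sample records ("parent -> image cmdline"); not real telemetry
# and not the log format of any particular product.
SAMPLE_LOG = """\
powershell.exe -> C:\\Windows\\System32\\cipher.exe cipher.exe /w:C:\\
dwn.exe -> C:\\Windows\\System32\\vssadmin.exe vssadmin delete shadows /all /quiet
cmd.exe -> C:\\Users\\u\\AppData\\Local\\Temp\\dwn.exe dwn.exe
explorer.exe -> C:\\Windows\\System32\\dwm.exe dwm.exe
explorer.exe -> C:\\Program Files\\Vendor\\app.exe app.exe
"""

LINE_RE = re.compile(r"^(?P<parent>\S+) -> (?P<image>.+?\.exe) (?P<cmd>.*)$", re.I)
LEGIT_DWM = r"c:\windows\system32\dwm.exe"  # the genuine Desktop Window Manager path

def one_char_off(a, b):
    """True when a and b have equal length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def classify(parent, image, cmd):
    """Return a rule name if this process record matches a described behaviour."""
    base = os.path.basename(image.replace("\\", "/")).lower()
    cmdl = cmd.lower()
    if base == "cipher.exe" and "/w:" in cmdl:
        return "free-space wipe via cipher.exe /w (hinders file recovery)"
    if base == "vssadmin.exe" and "delete" in cmdl and "shadows" in cmdl:
        return "shadow copy deletion (backups removed before encryption)"
    if one_char_off(base, "dwm.exe") and image.lower() != LEGIT_DWM:
        return "dwm.exe look-alike process name (e.g. dwn.exe)"
    return None

def scan(log_text):
    """Parse each record and collect the ones that trigger a rule."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected record format
        rule = classify(m["parent"], m["image"], m["cmd"])
        if rule:
            findings.append(Finding(rule, line))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.rule}: {f.line}")
```

The genuine dwm.exe record is deliberately included to show that the look-alike rule fires on the name distance and path, not on the string "dwm" alone.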

A new wiper called “Numero” cripples Windows PCs

Not all of the rogue AI installers are after money. One of them hides a piece of destructive software Talos has dubbed Numero. Packaged with a batch script and a Visual Basic file, Numero launches in an endless loop. Every 60 seconds the batch script stops and restarts the main program, ensuring it keeps running even if a user tries to shut it down. Written in C++ for 32-bit Windows systems, Numero looks for debuggers and analysis tools and then plays havoc with the Windows desktop: it overwrites window titles and buttons with the repeating string “1234567890,” making the computer unusable without a full rebuild.

How the scammers find their targets

Talos points to a fake site at “novaleadsai . com,” created on February 2 this year—the same day the installer it offers was compiled. The page pretends to promote free, year-long access to a lead-generation service, with a 95-dollar monthly fee kicking in after the trial. Search-engine optimisation tricks appear to push the site near the top of AI-related queries, so business and marketing professionals hunting for new tools can stumble upon it without noticing anything amiss. Similar tactics turn up on social platforms as well; malicious ads on Facebook and LinkedIn entice users with flashy banners promising cutting-edge AI video generators.

Ransom notes that preach charity

One curious twist sets CyberLock apart from many other extortion schemes. Instead of the usual cold demand for money, the note appeals to the victim’s conscience, insisting the payment is a “small amount” compared with the suffering of children in war zones and impoverished regions. The operators argue that forced donations are the only way to make people contribute. Cyber-crime veterans say such moral language is rare but not unheard of, occasionally surfacing when attackers hope to temper outrage and nudge victims toward paying quickly.

Mandiant spots a broader malvertising push

Google-owned Mandiant has traced a related campaign, tagged UNC6032, back to operators believed to be in Vietnam. Since the middle of 2024 these actors have bought social-media ads that steer users to look-alike sites for well-known AI video tools such as Luma AI, Canva Dream Lab and Kling AI. Visitors are asked for a text prompt to start making a video, but the code behind the page ignores the input. Instead it sneaks down a Rust-written loader the researchers call STARKVEIL.

STARKVEIL, in turn, drops three modular malware components on the victim’s machine. GRIMPULL uses the Tor network to fetch further payloads; FROSTRIFT, a backdoor built with .NET, gathers system details and hunts for browser extensions linked to password managers and crypto wallets; and XWorm, a familiar remote-access trojan, adds keylogging, screen-capture and command-execution features. A Python dropper nicknamed COILHATCH handles the heavy lifting, running the trio through a side-loading trick that evades some security tools. Having several separate implants increases the attackers’ odds of success if one is caught.

Staying safe when AI fever runs high

Artificial-intelligence platforms have become go-to solutions across design, sales and marketing, and the crooks know it. Fake offers that dangle “free for a year” or “premium unlocked” deals hit the sweet spot between curiosity and cost savings, luring busy professionals into a quick click. Security experts recommend a few basic defences: download installers only from official vendor pages or reputable app stores, keep operating systems and antivirus suites patched, and watch for small red flags—odd domain names, spelling mistakes, or unexpected archive files—that often give away a scam. Above all, remember that tempting software at an unbeatable price might end up costing far more once ransomware or a wiper has done its work.

With both researchers and criminals locked in an arms race around the booming AI market, vigilance remains the simplest, most effective safeguard. The next time a glossy ad promises a breakthrough tool, a moment’s caution could be the difference between a productive new workflow and a paralysed computer demanding cryptocurrency.