Cybercriminals Target AI Users with Malware: What You Need to Know

In recent months, cybercriminals have increasingly targeted users of popular artificial intelligence tools, employing malware-laden installers that masquerade as legitimate software. This alarming trend was highlighted in a report by Cisco Talos on May 29, 2025, detailing various ransomware families and destructive malware that are being distributed under the guise of AI applications like OpenAI's ChatGPT and InVideo AI.

What you’ll learn: This video will explain the recent surge in cyberattacks targeting AI users, the specific threats involved, the impact on individuals and organizations, and actionable steps to safeguard against these emerging threats. We will also delve into the mechanics of how these cybercriminals operate and the potential consequences of falling victim to such attacks.

The report reveals that fake installers for AI tools are being used to spread ransomware such as CyberLock and Lucky_Gh0$t, and a new malware called Numero. CyberLock ransomware encrypts files on infected systems, demanding a ransom of $50,000 in Monero. Interestingly, the ransom note claims that the funds will be used to support humanitarian causes, which adds a disturbing twist to the attack.

In addition to CyberLock, the Lucky_Gh0$t ransomware is being distributed through a fake installer for ChatGPT, while Numero malware targets AI video creation tools like InVideo AI. These malicious installers often appear legitimate, luring users with offers of free access before deploying harmful payloads.

The cybersecurity landscape is evolving, with threat actors leveraging the popularity of AI tools to propagate malware. A recent malvertising campaign has also been identified, redirecting users from social media platforms to fake websites that impersonate legitimate AI tools. This campaign has been linked to a threat cluster known as UNC6032, which has been active since mid-2024.

As the use of AI continues to grow, so does the risk of cyberattacks targeting unsuspecting users. It's crucial for individuals and organizations to remain vigilant and implement security measures to protect against these threats. This includes being cautious when downloading software, verifying the legitimacy of websites, and keeping security software up to date.

In conclusion, the rise of AI tools has opened new avenues for cybercriminals, making it imperative for users to stay informed and proactive in safeguarding their digital environments. By understanding the tactics employed by these attackers, we can better prepare ourselves against potential threats and ensure a safer online experience.