A new wave of cyberattacks is exploiting AI's popularity: malicious actors are distributing weaponized installers that deliver ransomware and destructive malware to unsuspecting Windows users.
Cisco Talos has recently uncovered three notable threats: the CyberLock ransomware, the Lucky_Gh0$t ransomware, and a destructive malware named Numero, all camouflaged as installers for legitimate AI tools.
CyberLock is a PowerShell ransomware most commonly delivered under the guise of a popular lead generation AI tool via a fake website, novaleadsai[.]com, which mimics the legitimate novaleads.app.
The website’s SEO is manipulated to appear at the top of search results, luring businesses with a “free 12-month trial.”
The installer comes as a ZIP archive containing NovaLeadsAI.exe, a .NET loader with an embedded PowerShell ransomware script. When the executable is run, it performs the following operations:
Calls GetConsoleWindow from kernel32.dll and ShowWindow from user32.dll to hide the PowerShell console window from the victim.
Encrypts the victim's files and appends the .cyberlock extension to each encrypted file.
Targeted File Extensions Include:
.doc, .docx, .xls, .xlsx, .ppt, .pdf, .jpg, .png, .mp3, .avi, .zip, .exe, .py, .java, .sql, .db, .log, .bak, .vhd, .iso, .ai, .psd, .torrent, ...
Full list available in the Cisco Talos report.
Drops a ransom note, ReadMeNow.txt, on the desktop demanding $50,000 in Monero (XMR), split between two wallets to frustrate tracking. The note falsely claims the ransom payments will fund humanitarian causes and threatens to expose the victim's data if payment is not received within three days.
Ransom Note Sample:
Your files have been encrypted!
Pay $50,000 in Monero to the addresses below...
If payment is not received, your data will be exposed.
Runs cipher.exe /w to securely overwrite free disk space on the drive. This does not touch the encrypted files themselves; it destroys the remnants of the deleted plaintext originals, so forensic undelete tools cannot recover them.
Cipher Command Sample:
```powershell
cipher.exe /w:C:\
```
Lucky_Gh0$t ransomware rides the wave of AI hype, delivered as a self-extracting archive—ChatGPT 4.0 full version - Premium.exe—bundling both a ransomware payload (dwn.exe, mimicking the legit Windows dwm.exe) and actual Microsoft open-source AI tools to bypass AV detection.
Encryption Logic:
Files smaller than 1.2 GB are encrypted with AES and renamed with a random extension (e.g. .a1b2). Larger files are not encrypted at all: the ransomware creates a new file of the same size filled with the "?" character and deletes the original, a destructive act that leaves those files unrecoverable even if the ransom is paid.
Ransom Note Communication:
The ransomware provides a unique victim ID and directs victims to contact the attackers via the Session messenger, getsession[.]org.
Lucky_Gh0$t File Handling (Pseudocode):
```python
# Pseudocode of the file-handling logic; encrypt(), create() and random_ext
# stand in for the ransomware's own routines and are not runnable as written.
SIZE_LIMIT = 1.2 * 1024**3               # roughly 1.2 GB

if file.size < SIZE_LIMIT:
    encrypt(file, aes_key)               # small files: encrypted in place
    file.rename(file.name + random_ext)  # random extension appended, e.g. ".a1b2"
else:
    new_file = create(file.size)         # large files: never encrypted
    new_file.write("?")                  # same-size file of "?" characters written instead
    file.delete()                        # original destroyed, no recovery possible
```
Numero is a newly identified, highly destructive malware that masquerades as the installer for InVideo AI, a widely used video creation tool. The installer contains a dropper that deploys a Windows batch file, VBScript, and a malicious C++ executable, wintitle.exe.
Execution Flow:
The dropper copies malicious components to the user’s temp folder.
A batch script runs Numero in an infinite loop, killing and restarting the process every 60 seconds.
Numero’s core thread inspects the system for analysis tools (like IDA, OllyDbg, WinDbg); if any are found, it terminates to evade analysis.
Window Manipulation Routine (Simplified):
```cpp
#include <windows.h>
// Callback invoked for every child window of the desktop
BOOL CALLBACK EnumChildProc(HWND child, LPARAM) {
    SendMessageW(child, WM_SETTEXT, 0, (LPARAM)L"1234567890");  // overwrite caption/contents
    return TRUE;  // keep enumerating
}
EnumChildWindows(GetDesktopWindow(), EnumChildProc, 0);
```
This code repeatedly overwrites window titles, buttons, and contents with the string 1234567890, corrupting the graphical user interface until the system is unusable.
Users are left unable to use their system as every visible GUI element becomes garbled, with even basic functions like the Run dialog and window titles replaced by the number string.
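The three campaigns leave process-level traces that a defender can hunt for without any of the malware's own code: cipher.exe /w spawned from PowerShell (CyberLock), a dwm.exe lookalike running from a user-writable directory (Lucky_Gh0$t), and a process restarted from a batch file on a fixed 60-second cadence (Numero). The script below is an added example, not code from the Talos report or from any of the malware described. It runs over constructed process-creation events in an assumed `timestamp|image|cmdline|parent_image` format; the field layout, paths and sample values are illustrative assumptions, and the lookalike rule (one character of difference from dwm.exe) is a deliberately loose heuristic that will need tuning in a real environment.

```python
"""
Added triage example for the behaviours described in this article.
Not part of the Talos report; event format and sample data are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class ProcEvent:
    ts: datetime
    image: str          # full path of the new process
    cmdline: str
    parent_image: str   # full path of the parent process


def parse_events(lines):
    """Parse constructed 'ts|image|cmdline|parent_image' lines into ProcEvent objects."""
    events = []
    for line in lines:
        ts, image, cmdline, parent = line.split("|", 3)
        events.append(ProcEvent(datetime.fromisoformat(ts), image, cmdline, parent))
    return events


def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_cipher_wipe(ev):
    """CyberLock trait: cipher.exe /w:<drive> launched with a PowerShell parent."""
    return (basename(ev.image) == "cipher.exe"
            and "/w:" in ev.cmdline.lower()
            and basename(ev.parent_image) in ("powershell.exe", "pwsh.exe"))


def flag_dwm_lookalike(ev):
    """Lucky_Gh0$t trait: a name one character away from dwm.exe, or dwm.exe
    itself running from anywhere other than System32 (heuristic, can be noisy)."""
    name = basename(ev.image)
    if name == "dwm.exe":
        return not ev.image.lower().startswith("c:\\windows\\system32\\")
    return len(name) == len("dwm.exe") and sum(a != b for a, b in zip(name, "dwm.exe")) == 1


def flag_restart_loop(events, min_gaps=3, period=timedelta(seconds=60),
                      tolerance=timedelta(seconds=5)):
    """Numero trait: the same image spawned by cmd.exe repeatedly at a near-constant
    interval. Returns the images whose spawn gaps match the period at least min_gaps times."""
    by_image = {}
    for ev in events:
        if basename(ev.parent_image) == "cmd.exe":
            by_image.setdefault(ev.image, []).append(ev.ts)
    hits = []
    for image, times in by_image.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        regular = [g for g in gaps if abs(g - period) <= tolerance]
        if len(regular) >= min_gaps:
            hits.append(image)
    return hits


def triage(lines):
    """Run every rule over the events and return (rule_name, image) findings."""
    events = parse_events(lines)
    findings = []
    for ev in events:
        if flag_cipher_wipe(ev):
            findings.append(("cipher_wipe", ev.image))
        if flag_dwm_lookalike(ev):
            findings.append(("dwm_lookalike", ev.image))
    for image in flag_restart_loop(events):
        findings.append(("restart_loop", image))
    return findings


# Constructed sample events (assumed format: ts|image|cmdline|parent_image).
# Paths and names are illustrative; only the behaviours mirror the article.
SAMPLE_EVENTS = [
    "2025-05-30T10:00:00|C:\\Windows\\System32\\dwm.exe|dwm.exe|C:\\Windows\\System32\\winlogon.exe",
    "2025-05-30T10:01:00|C:\\Users\\bob\\AppData\\Local\\Temp\\dwn.exe|dwn.exe|C:\\Users\\bob\\Downloads\\ChatGPT 4.0 full version - Premium.exe",
    "2025-05-30T10:02:00|C:\\Windows\\System32\\cipher.exe|cipher.exe /w:C:\\|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    "2025-05-30T10:03:00|C:\\Windows\\System32\\cipher.exe|cipher.exe /e D:\\data|C:\\Windows\\explorer.exe",
    "2025-05-30T10:05:00|C:\\Users\\bob\\AppData\\Local\\Temp\\wintitle.exe|wintitle.exe|C:\\Windows\\System32\\cmd.exe",
    "2025-05-30T10:06:01|C:\\Users\\bob\\AppData\\Local\\Temp\\wintitle.exe|wintitle.exe|C:\\Windows\\System32\\cmd.exe",
    "2025-05-30T10:07:00|C:\\Users\\bob\\AppData\\Local\\Temp\\wintitle.exe|wintitle.exe|C:\\Windows\\System32\\cmd.exe",
    "2025-05-30T10:08:02|C:\\Users\\bob\\AppData\\Local\\Temp\\wintitle.exe|wintitle.exe|C:\\Windows\\System32\\cmd.exe",
]

if __name__ == "__main__":
    for kind, image in triage(SAMPLE_EVENTS):
        print(f"{kind}: {image}")
```

The legitimate cipher.exe /e call from Explorer and the real dwm.exe under System32 are included so the rules can be seen discriminating; the restart-loop rule tolerates a few seconds of jitter because the batch loop's kill-and-restart cycle is not exactly 60 seconds apart in practice.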
As organizations race to adopt AI tools, attackers are leveraging the trend with increasingly convincing lures and advanced technical tactics targeting Windows systems. By blending PowerShell, C#, and C++ malware delivered through fake AI installers—often bundled with legitimate tools to evade detection—these campaigns threaten not just individual machines but the very trust in the AI software ecosystem.
Vigilance and layered security controls are now essential defenses against the rising tide of weaponized AI tool installer threats.
You can also find the indicators of compromise here at GitHub.