Ransomware hiding in fake AI, business tools


Artificial intelligence (AI) and small business tools are being abused as smokescreens to hit unsuspecting victims with ransomware.

In the masquerade campaigns discovered by Cisco Talos, cybercriminals hid malware behind software and install packages that mimicked the websites or names of the lead monetization service Nova Leads, the enormously popular ChatGPT, and an AI-empowered video tool called InVideo AI.

Source: Malwarebytes Labs




Related:

  • Apple releases security patches for iOS, macOS Tahoe, Safari

    June 30, 2026

    Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac. The updates for iOS/iPadOS, macOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas. What stands out in the update is that a lot of the vulnerabilities were found in WebKit, the browser engine that powers Safari ...

  • ToddyCat: your hidden email assistant. Part 2

    June 30, 2026

    Kaspersky continues to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, they examined the group’s attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that campaign indicated that ToddyCat was attempting ...

  • Japan: Over 14 million login credentials leaked from six ISPs in major data breach

    June 29, 2026

    A data breach that has potentially exposed the email and password combinations for over 14 million customers across six internet service providers (ISPs) has been disclosed by Japanese telecoms provider KDDI Corporation. According to the company, hackers exploited a vulnerability in third-party software to access the database of credentials. KDDI said that it immediately blocked ...

  • ONResolver RAT Abuses TON Blockchain to Target Japan’s Hotel Industry

    June 29, 2026

    In late May 2026, suspicious emails were identified being sent to Japanese partner companies of Booking.com, with the subject line “Important: Guest Stay Review Request” (重要:ゲスト滞在レビュー依頼). In this attack, a zip file was downloaded by accessing a hyperlink to a suspicious web site, and the infection began when the user clicked a shortcut link file ...

  • Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs

    June 29, 2026

    Nissan has joined the growing list of Oracle customers cleaning up after a cyberattack, warning employees that payroll records, bank details, Social Security numbers, and other personal data may have been stolen. In a filing submitted to the California Attorney General on Friday, Nissan Americas said Oracle had informed it of “a cyber event” involving the personnel records ...

  • Fake GTA VI beta keys are already draining cryptocurrency wallets worldwide

    June 27, 2026

    Grand Theft Auto VI is not due on consoles until November 19, 2026, but official preorders open soon, and cybersecurity researchers have warned criminals are already exploiting the wait with a coordinated wave of fraudulent websites. Malwarebytes and NordVPN have both flagged sites promising “VIP early access” or exclusive beta keys to one of gaming’s most anticipated ...