AI adoption is booming, but so is cybercrime. Threat actors are planting malware disguised as popular AI tools, hoping to deceive companies that are rushing to adopt AI. According to Cisco Talos, Cisco's "threat intelligence research organization", these programs may be downloaded by accident because of search result manipulation, in which attackers use tactics that make the illegitimate programs rank higher in search results than the legitimate ones. The attackers also use social media messaging, advertising their service through apps such as Telegram.
Cisco warns that companies that deal with B2B advertising or lead generation may be the most at risk, as the tools impersonated include Nova Leads and ChatGPT. According to Cisco, "This practice poses a significant risk, as it not only compromises sensitive business data and financial assets but also undermines trust in legitimate AI market solutions."
The malicious download may be presented as an executable bearing the AI software's name, but it contains a PowerShell script that loads and deploys ransomware, locking the victim's system.
Users should only download files from trusted sources and should contact their IT department if there is any sign that a download may not be legitimate. Organizations should implement strict download policies, educate employees on phishing and spoofing tactics, and regularly audit endpoint activity for unauthorized software.