Intel Name: Cybercriminals camouflaging threats as ai tool installers
Date of Scan: June 2, 2025
Impact: High
Summary: The team uncovered new threats posing as AI tool installers: CyberLock, Lucky_Gh0$t, and a destructive malware dubbed “Numero.” CyberLock, built with PowerShell, encrypts files and falsely claims ransom payments support humanitarian causes. Lucky_Gh0$t is a minor variant of Yashma ransomware, part of the Chaos family. Numero disrupts victims by corrupting the Windows GUI, rendering systems unusable.
