Skip to content
Menu
menu
Illustration of a trojan horse hidden within an artificial intelligence (AI) gift box

Illustration by iStock; Security Management

Push for Workplace AI Opens Doors for Scammers and Malware Campaigns

When it comes to technology tools, remember: If it sounds too good to be true, it probably is. But the advent of artificial intelligence (AI) and all of its seemingly miraculous workplace shortcuts have made the temptation too much for many employees to resist.

A recent large social media campaign promoted a free AI video editor app that promised to “create breathtaking videos in minutes” with “no special skills required.” However, users didn’t get a video editor—they got information-stealing malware, according to a Malware Bytes report. The links in the campaign would install Lumma Stealer and Atomic Stealer malware on users’ computers. The malware would steal information from cryptocurrency wallets and browser extensions, or would seek out credit card details, authentication cookies, or passwords.

This isn’t new, per se. Cybercriminals have been disguising malware in generative AI tools or using the hype around ChatGPT and other services to phish users since at least 2023. But the corporate push to chase AI-enabled efficiency is opening the gates for malware Trojan horses.

Nearly all executives surveyed by Workforce Lab from Slack said they feel an urgency to incorporate AI into business operations, and AI use among desk workers is up 23 percent between January and March 2024. Among employees using AI applications, 81 percent said it has improved their productivity.

Despite the urge to adopt AI, 37 percent of survey respondents told Slack that their company has no AI usage guidelines, which can lead to unapproved use of AI-based applications on work devices and a lack of trust in the efficiency and validity of legitimate AI tools.

“AI has spurred broad interest across all audiences, from cybercriminals looking to perfect their scams to everyday consumers interested in learning more and hacking their productivity with new AI-powered tools,” said Pieter Arntz, a Malwarebytes intelligence researcher, in an interview with CSO Online. “This onslaught of interest has sparked a flurry of AI-related scams, and I don’t see them stopping anytime soon. 

“Most cybercriminals are focused on making money, and they’ll take advantage of any new cultural moment to dupe users. I’ve seen scams ranging from a free trial with a very shoddy product to straight-out malware downloads. I caution people to be wary of new, free tools and to use a browser extension that blocks malware and phishing.”

Cybersecurity awareness campaigns about malware and avoiding installing unwanted applications are essential. This is fairly standard, but it’s especially important when AI hype is driving attention and interest in free tools that can simplify work tasks. IT teams can also provide whitelisted or approved apps and configure operating systems to restrict application installation rights to only admins.

 

arrow_upward