CyberSecurity news
FlagThis
@cyberalerts.io
//
Cybercriminals are exploiting the popularity of AI by distributing the 'Noodlophile' information-stealing malware through fake AI video generation tools. These deceptive websites, often promoted via Facebook groups, lure users with the promise of AI-powered video creation from uploaded files. Instead of delivering the advertised service, users are tricked into downloading a malicious ZIP file containing an executable disguised as a video file, such as "Video Dream MachineAI.mp4.exe." This exploit capitalizes on the common Windows setting that hides file extensions, making the malicious file appear legitimate.
Upon execution, the malware initiates a multi-stage infection process. The deceptive executable launches a legitimate binary associated with ByteDance's video editor ("CapCut.exe") to run a .NET-based loader. This loader then retrieves a Python payload ("srchost.exe") from a remote server, ultimately leading to the deployment of Noodlophile Stealer. This infostealer is designed to harvest sensitive data, including browser credentials, cryptocurrency wallet information, and other personal data.
Morphisec researchers, including Shmuel Uzan, warn that these campaigns are attracting significant attention, with some Facebook posts garnering over 62,000 views. The threat actors behind Noodlophile are believed to be of Vietnamese origin, with the developer's GitHub profile indicating a passion for malware development. The rise of AI-themed lures highlights the growing trend of cybercriminals weaponizing public interest in emerging technologies to spread malware, impacting unsuspecting users seeking AI tools for video and image editing.
ImgSrc: blogger.googleu
References :
Upon execution, the malware initiates a multi-stage infection process. The deceptive executable launches a legitimate binary associated with ByteDance's video editor ("CapCut.exe") to run a .NET-based loader. This loader then retrieves a Python payload ("srchost.exe") from a remote server, ultimately leading to the deployment of Noodlophile Stealer. This infostealer is designed to harvest sensitive data, including browser credentials, cryptocurrency wallet information, and other personal data.
Morphisec researchers, including Shmuel Uzan, warn that these campaigns are attracting significant attention, with some Facebook posts garnering over 62,000 views. The threat actors behind Noodlophile are believed to be of Vietnamese origin, with the developer's GitHub profile indicating a passion for malware development. The rise of AI-themed lures highlights the growing trend of cybercriminals weaponizing public interest in emerging technologies to spread malware, impacting unsuspecting users seeking AI tools for video and image editing.
ImgSrc: blogger.googleu
Share:
References :
- Blog: A new cyber threat has emerged involving counterfeit AI video generation tools that distribute a malware strain known as 'Noodlophile.'
- securityaffairs.com: Threat actors use fake AI tools to trick users into installing the information stealer Noodlophile, Morphisec researchers warn.
- thehackernews.com: Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.
- Virus Bulletin: Morphisec's Shmuel Uzan reveals how attackers exploit AI hype to spread malware. Victims expecting custom AI videos instead get Noodlophile Stealer, a new infostealer targeting browser credentials, crypto wallets, and sensitive data.
- SOC Prime Blog: Noodlophile Stealer Detection: Novel Malware Distributed Through Fake AI Video Generation Tools
Classification:
- HashTags: #infostealer #AI #Malware
- Company: Multiple
- Target: Users
- Feature: Steganography
- Malware: Noodlophile
- Type: Malware
- Severity: Major