Fake AI-powered video generation tools are being exploited to distribute the ‘Noodlophile’ malware family, which steals sensitive user data. The campaign involves convincing websites and dark web sales, making it a sophisticated threat for users and organizations alike. (Affected: Windows systems, online users, organizations with web browser data)
Key points:
- The ‘Noodlophile’ malware is marketed as an AI-generated video tool but functions as an information stealer.
- The campaign uses deceptive websites like “Dream Machine” and fake video files to trick users into executing malware.
- The infection chain involves malicious ZIP archives containing disguised executables that appear as genuine media files.
- The malware targets browser credentials, session cookies, tokens, and cryptocurrency wallet files for theft.
- Noodlophile exfiltrates stolen data via a Telegram bot acting as a covert command-and-control server.
- The malware can be bundled with XWorm, a remote access trojan, enhancing attack capabilities.
- Protection requires avoiding unknown downloads, verifying file extensions, and using up-to-date antivirus software.
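The disguised-executable trick in the infection chain above (an executable given a media-looking name inside a ZIP archive) is something a defender can screen for before a user ever double-clicks. The following is an added example, not code from the original post or from any vendor analysis of Noodlophile: it builds a small constructed archive in memory and inspects every entry for the signs the post describes, namely a media extension followed by an executable extension, whitespace padding that hides the real extension in file listings, and a PE (`MZ`) header under a media-looking name. The entry names and contents are constructed sample data.

```python
import io
import zipfile
from typing import Dict, List

# Extensions Windows will run if the user double-clicks the file.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Extensions a "video tool" download would legitimately carry.
MEDIA_EXTENSIONS = {".mp4", ".mov", ".avi", ".mkv", ".gif", ".png", ".jpg", ".jpeg"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def split_extensions(name: str) -> List[str]:
    """Return every dotted extension of the basename, lower-cased and stripped of
    padding whitespace, e.g. 'clip.mp4      .exe' -> ['.mp4', '.exe']."""
    base = name.rsplit("/", 1)[-1].lower()
    return ["." + part.strip() for part in base.split(".")[1:]]


def inspect_zip_bytes(data: bytes) -> List[Dict[str, object]]:
    """Inspect an in-memory ZIP and return one finding per suspicious entry."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            exts = split_extensions(info.filename)
            head = zf.open(info).read(8)  # only the header bytes are needed
            reasons = []
            has_media_ext = any(e in MEDIA_EXTENSIONS for e in exts)
            if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTENSIONS and has_media_ext:
                reasons.append("media-looking name ends in an executable extension")
            if "  " in base.strip():
                reasons.append("whitespace padding hides the final extension")
            if head.startswith(PE_MAGIC) and has_media_ext:
                reasons.append("PE executable header under a media-looking name")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def flagged_names(data: bytes) -> List[str]:
    """Convenience wrapper: sorted names of all flagged entries."""
    return sorted(f["name"] for f in inspect_zip_bytes(data))


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real Noodlophile download) with two
    disguised executables and two benign files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Padded double extension plus a PE header: the lure described in the post.
        zf.writestr("Video Dream MachineAI.mp4                 .exe", PE_MAGIC + b"\x90\x00" * 30)
        # Plain double extension, screensaver executable.
        zf.writestr("preview.gif.scr", PE_MAGIC + b"\x00" * 62)
        # Genuine-looking MP4: ISO base media 'ftyp' box at offset 4.
        zf.writestr("clip.mp4", b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 40)
        zf.writestr("readme.txt", b"Thanks for downloading!\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_bytes(build_sample_archive()):
        print(repr(finding["name"]))
        for reason in finding["reasons"]:
            print("   -", reason)
```

Run on the constructed archive, the two executables are reported (the padded one on all three grounds) while `clip.mp4` and `readme.txt` pass. The header check matters because the extension heuristics alone are defeated by an archive whose entry was renamed after extraction; checking content and name together is the habit the post's "verify file extensions" advice is pointing at.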