Ethical Hacking News
A new wave of fake AI-powered lures is targeting unsuspecting users on social media, with the Noodlophile Stealer malware being one of the most notable examples. The malicious software has been spread through convincing AI-themed platforms, often advertised via legitimate-looking Facebook groups and viral social media campaigns. Cybersecurity experts warn that this trend highlights the growing threat of fake AI-powered tools as vectors for malicious activity.
Fake AI-powered tools are being used as lures to entice users into downloading malicious software.
A new malware called Noodlophile Stealer is spreading through social media, targeting users who download fake AI-themed platforms.
Threat actors have created convincing AI-themed platforms to attract unsuspecting users on Facebook and other social media sites.
The malware steals sensitive data such as browser credentials, cryptocurrency wallet information, and more.
The threat actor behind Noodlophile is believed to be of Vietnamese origin.
In recent months, cybersecurity experts have been warning about the growing threat of fake artificial intelligence (AI)-powered tools being used as lures to entice users into downloading malicious software. The most notable example of this trend is the spread of the Noodlophile stealer malware, which has been observed leveraging these fake AI-themed platforms to target unsuspecting users on social media.
According to a report published by Morphisec researcher Shmuel Uzan, threat actors have been building convincing AI-themed platforms, often advertised via legitimate-looking Facebook groups and viral social media campaigns. A single post has been found to attract over 62,000 views, indicating that users looking for AI tools for video and image editing are the primary target of this campaign.
The fake social media pages identified by Morphisec include Luma Dreammachine Al, Luma Dreammachine, and gratistuslibros. Users who land on these posts are urged to click on links that advertise AI-powered content creation services, including videos, logos, images, and even websites. Once unsuspecting users upload their image or video prompts on these sites, they are then asked to download the supposed AI-generated content, at which point a malicious ZIP archive ("VideoDreamAI.zip") is downloaded instead.
Within this file, a deceptive file named "Video Dream MachineAI.mp4.exe" kick-starts the infection chain by launching a legitimate binary associated with ByteDance's video editor ("CapCut.exe"). This C++-based executable is used to run a .NET-based loader named CapCutLoader that, in turn, ultimately loads a Python payload ("srchost.exe") from a remote server.
The Python binary paves the way for the deployment of Noodlophile Stealer, which comes with capabilities to harvest browser credentials, cryptocurrency wallet information, and other sensitive data. Select instances have also bundled the stealer with a remote access trojan like XWorm for entrenched access to the infected hosts.
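A defender-side check for the double-extension trick described above, as an added example that is not part of the original article or the Morphisec report: it reads a ZIP archive's member names without extracting anything and flags names where a media or document extension precedes an executable one. The extension lists and every sample name other than the two file names quoted in the article are assumptions constructed for illustration.

```python
import io
import zipfile
from typing import List, Optional, Tuple

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "msi", "lnk", "js", "vbs"}
DECOY_EXTS = {"mp4", "mov", "avi", "jpg", "jpeg", "png", "gif", "pdf", "docx", "txt"}
RTLO = "\u202e"  # right-to-left override: visually reverses the tail of a name

# Constructed member names; the first two are the file names quoted in the article.
SAMPLE_NAMES = ["Video Dream MachineAI.mp4.exe", "CapCut.exe", "clip.mp4",
                "readme.txt", "invoice.pdf      .scr"]


def suspicious_reason(name: str) -> Optional[str]:
    """Explain why a member name looks deceptive, or return None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if RTLO in base:
        return "right-to-left override character in name"
    # Strip padding so 'x.pdf      .scr' is treated like 'x.pdf.scr'.
    parts = [p.strip() for p in base.lower().split(".")]
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS:
        return f"decoy extension .{parts[-2]} before executable .{parts[-1]}"
    return None


def scan_zip(data: bytes) -> List[Tuple[str, str]]:
    """Inspect member names only; nothing is extracted or executed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reason = None if info.is_dir() else suspicious_reason(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_zip() -> bytes:
    """Build an in-memory archive of placeholder files with the sample names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()):
        print(f"FLAG {member!r}: {why}")
```

A plain executable such as "CapCut.exe" is not flagged, because the check targets only names that disguise an executable as media or a document.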
The developer of Noodlophile, assessed to be of Vietnamese origin, claims on their GitHub profile to be a "passionate Malware Developer from Vietnam." The account was created on March 16, 2025. It's worth noting that the Southeast Asian nation is home to a thriving cybercrime ecosystem that has a history of distributing various stealer malware families targeting Facebook.
This trend highlights the evolving nature of cyber threats and the growing reliance on social media platforms as vectors for malicious activity. The use of fake AI-powered tools as lures is not a new phenomenon, but it marks a significant escalation in the tactics used by threat actors to deceive users.
In 2023, Meta reported that it had taken down over 1,000 malicious URLs, preventing them from being shared across its services; the URLs were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families. This incident demonstrates how fake AI-powered tools can be used to spread malware and highlights the need for increased vigilance among social media platforms and users.
The rise of Noodlophile Stealer serves as a reminder that cybersecurity is an ongoing cat-and-mouse game between threat actors and defenders. As new technologies emerge, such as AI and machine learning, it's essential to stay informed about emerging threats and adapt our defenses accordingly.
In conclusion, the spread of fake AI-powered lures has become a significant concern in recent months, with Noodlophile Stealer being one of the most notable examples of this trend. As threat actors continue to evolve their tactics, it's crucial for users to remain vigilant and take steps to protect themselves from these types of threats.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Rise-of-Fake-AI-Powered-Lures-A-New-Vector-for-Malicious-Actors-to-Spread-Noodlophile-Stealer-ehn.shtml
Published: Mon May 12 03:56:01 2025 by llama3.2 3B Q4_K_M