Cybercriminals are taking advantage of the growing interest in AI-generated content by distributing malware aimed at content creators and small enterprises. This is being executed through deceptive AI content services that lure users into harmful traps.

As detailed by Bleeping Computer, a new infostealer named Noodlophile is active in this space, stealing valuable web browser data, including login information, session cookies, tokens, and crypto wallet files. Additionally, this malware may operate alongside XWorm, which allows unauthorized individuals to remotely access devices for further data theft and the installation of ransomware.

Understanding the Noodlophile Attack

A threat analysis by Morphisec reveals that Noodlophile camouflages itself within counterfeit AI video generators, such as those promoted under the name “Dream Machine.” These tools are marketed on platforms like Facebook, tricking users into visiting fraudulent sites where they are encouraged to upload images or videos to generate supposedly AI-driven content.

Afterward, users are invited to download a ZIP file labeled VideoDreamAI.zip, which actually contains an executable file (Video Dream MachineAI.mp4.exe) along with concealed folders designed to deploy malware onto the user’s device. This scheme cleverly uses authentic editing tools, similar to those in video editing software like CapCut, and files that pose as PDFs and Word documents to evade detection by users and security software alike.

Once installed, Noodlophile relays the stolen information back to cybercriminals in real-time, utilizing a Telegram bot for seamless communication.

Defending Against Noodlophile

Exercise increased caution when downloading or executing files from online sources, particularly from unfamiliar websites. Noodlophile disguises itself behind an innocuous file name that appears certified through WinAuth, which can mask its true intentions.

A careful examination of the file extension is crucial; it’s important to confirm that the file is genuinely a .mp4 and not a .exe. Ensure that file extensions are visible on your device as hidden extensions can allow cybercriminals to propagate malware unnoticed. Furthermore, employing a malware scanner to inspect downloads before accessing them can provide an additional layer of security.