Fake AI video generators hide Noodlophile malware, stealing user info

Published 13 May 2025

Cybercriminals have begun exploiting the hype around artificial intelligence (AI) by creating fake AI video generation tools to spread a new data-stealing malware called “Noodlophile,” security researchers revealed this week.

Attackers have shifted their tactics away from conventional email phishing campaigns. They now create sophisticated AI-themed websites promoted heavily through Facebook groups. A single post promoting these fake tools reached over 62,000 views, according to a report published by Morphisec security researcher Shmuel Uzan.

“These criminals build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns,” Uzan explained in his findings.

[Figure: Convert Image to Video with AI fake ad. Source: Morphisec]

The attackers create fake pages impersonating legitimate AI services like “Dream Machine” and “CapCut AI”. These fake sites promise free image-to-video conversions. When users upload images to be transformed, they receive a malicious ZIP file (VideoDreamAI.zip) instead of the promised AI-generated content.

This ZIP file contains a program with a misleading name that looks like a video file (“Video Dream MachineAI.mp4.exe”). This program starts a series of steps that install the malware.

“This binary is actually a repurposed version of CapCut, a legitimate video editing tool (version 445.0). This deceptive naming and certificate help it evade user suspicion and some security solutions,” explains Morphisec.

Once installed, Noodlophile harvests browser credentials, cryptocurrency wallet data, session cookies, and other sensitive information. The stolen data is then transmitted to attackers through Telegram bots in real time.

Some versions of this malware also include remote access trojans like XWorm. This gives attackers persistent control over infected systems. Researchers have identified Noodlophile as part of a malware-as-a-service scheme sold on dark web forums.

[Figure: Video Dream AI diagram. Source: Morphisec]

The developer behind Noodlophile appears to be from Vietnam. Their GitHub profile claims they are a “passionate Malware Developer from Vietnam.” Security experts point out that Southeast Asia has a growing number of cybercriminals who often target Facebook users with data-stealing programs.

This campaign represents a growing trend of exploiting interest in new technology to spread malware. In 2023, Meta (Facebook’s parent company) had to remove more than 1,000 harmful links that were using ChatGPT as bait to spread various types of malware.

Users should be careful when downloading AI tools, especially those advertised on social media. Security best practices include verifying file extensions before opening downloads, using up-to-date antivirus protection, and only downloading software from official sources.

For anyone interested in AI image or video generation, experts recommend sticking to established platforms with verified websites, regardless of how compelling the AI demonstration may appear.
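
The advice to verify file extensions can be applied to a downloaded archive before anything is unpacked. The Python code below is an added example, not code from Morphisec or from the original article: it lists a ZIP's entries and flags names like the “Video Dream MachineAI.mp4.exe” described above, where a media extension sits in front of an executable one. The extension lists, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Non-exhaustive lists chosen for this example (assumptions, not from the report).
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "msi", "lnk", "js", "vbs"}
DECOY_EXTS = {"mp4", "mov", "avi", "mkv", "jpg", "jpeg", "png", "gif", "pdf"}


def classify(name):
    """Return 'double-extension', 'executable', or None for one archive entry name."""
    # Keep only the final path component; ZIP entries may use either separator.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    # Tolerate case differences and padding around the dots.
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        # Windows hides known extensions by default, so this displays as a media file.
        return "double-extension"
    return "executable"


def scan_zip(fileobj):
    """List (entry name, reason) for every flagged entry, without extracting anything."""
    with zipfile.ZipFile(fileobj) as zf:
        return [(i.filename, r) for i in zf.infolist() if (r := classify(i.filename))]


def build_sample():
    """Constructed in-memory archive. The first entry name is the one quoted in the
    article; the other two are made up. Contents are placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in ("Video Dream MachineAI.mp4.exe", "clip.mp4", "notes/readme.txt"):
            zf.writestr(entry, b"placeholder bytes, not a real binary")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, reason in scan_zip(build_sample()):
        print(f"{reason}: {entry}")
```

Because the check reads only the archive's directory of names, it can run on a download before any file inside is written to disk or opened.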