Hackers Target AI Enthusiasts with New "Noodlophile" Stealer

Cybersecurity researchers have identified a sophisticated malware campaign exploiting the growing public interest in artificial intelligence tools. The newly discovered "Noodlophile Stealer" is being distributed through deceptive websites that masquerade as AI-powered video generation platforms.

The AI Deception Strategy

Unlike traditional malware distribution methods that rely on pirated software or phishing emails, this campaign leverages the excitement around AI content creation tools. Attackers have established convincing fake AI platforms that promise to transform user-uploaded photos into advanced AI-generated videos.

These fraudulent services are actively promoted through Facebook groups and other social media channels, with some posts receiving over 62,000 views. The social engineering approach is particularly effective because it targets a newer, less suspicious audience: content creators and businesses exploring AI productivity tools.

When victims visit these fake AI sites, they're instructed to upload images for "processing" by the purported AI systems. After completing various steps on the site, users are presented with a download link supposedly containing their generated content. Instead, they receive malware disguised as video files.

Image Source: morphisec.com

Inside the Noodlophile Stealer

The Noodlophile Stealer represents a previously undocumented threat in the cybersecurity landscape. Security analysts determined that this information stealer has several dangerous capabilities:

What makes this attack particularly concerning is its sophisticated multi-stage infection process. The initial file, often named with misleading extensions like "Video Dream MachineAI.mp4.exe," initiates a complex infection chain that involves:

The final payload communicates with command servers through Telegram bots, creating a covert channel for data exfiltration that's difficult to detect.

Attribution and Distribution Network

Researchers investigating "Noodlophile" across cybercrime forums discovered it's being offered as part of malware-as-a-service (MaaS) operations. Language indicators and social media profiles suggest the developer has Vietnamese origins.

The malware is distributed through a network of fraudulent websites with names designed to sound legitimate, such as:

Protection Recommendations

Security experts advise taking several precautions to avoid falling victim to this and similar campaigns:

As AI continues to capture public imagination, we can expect cybercriminals to increasingly leverage this trend for malware distribution. This campaign demonstrates how quickly threat actors adapt their tactics to exploit emerging technologies and public interest.

Found this article interesting? Keep visit thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive tips like this. 

You may also like these articles: Here are the 5 most contextually relevant blog posts: