
This AI Video Generator Is Spreading Malware

Cyber attackers are capitalizing on user demand for AI-generated content by spreading malware targeted at creators and small businesses in the form of fake AI content services.

As Bleeping Computer reports, a new infostealer known as Noodlophile exfiltrates web browser data, including account credentials, session cookies, tokens, and cryptocurrency wallet files. The malware may also be deployed with XWorm, which gives attackers remote access to your device in order to steal sensitive information and install ransomware.

How a Noodlophile attack works

According to a threat analysis by security firm Morphisec, Noodlophile hides in fake AI video generators, notably those named “Dream Machine.” These tools are advertised on Facebook, leading users to fraudulent websites to upload images or video to create AI-generated content.

Users are then prompted to download a completed video as a ZIP archive named VideoDreamAI.zip, which contains an executable file (Video Dream MachineAI.mp4.exe) as well as hidden folders with components to infect the target’s device with malware. The scheme uses legitimate editing tools you might find in a video editor like CapCut, as well as files disguised as PDFs and Word docs to avoid detection by both users and malware scanners.

Once deployed, Noodlophile communicates stolen information back to hackers in real time using a Telegram bot.

How to protect your data from Noodlophile

Always use caution when downloading and executing files from the internet, especially when using websites you don’t know and trust. Noodlophile hides behind a seemingly benign file name verified with a certificate created via WinAuth, so it may not seem suspicious on the surface.

But if you look at the file extension—which you should always verify—you’ll see that it’s actually a .exe, not a .mp4 video. Make sure file extensions are set to show on your device, as having these hidden allows hackers to spread malware undetected. You can also use a malware scanner to check downloads before opening them.
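The extension check described above can be run on a downloaded archive before anything is extracted or opened. The following is an added example, not code from the article or from Morphisec; the extension lists, the magic-byte table, and the sample archive (apart from the `.mp4.exe` file name quoted above) are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists: extensions Windows will run, and decoy types a lure imitates.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs", ".lnk"}
# Expected leading bytes per decoy type: (offset, magic).
MAGIC = {
    ".pdf": (0, b"%PDF"),
    ".docx": (0, b"PK\x03\x04"),
    ".mp4": (4, b"ftyp"),
}


def inspect_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) findings without extracting anything to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            # "name.mp4.exe" is displayed as "name.mp4" when extensions are hidden.
            if last in EXECUTABLE and len(suffixes) > 1 and suffixes[-2] in MAGIC:
                findings.append((info.filename, f"executable posing as {suffixes[-2]}"))
            elif last in MAGIC:
                # A file named like a document or video should start like one.
                offset, magic = MAGIC[last]
                with archive.open(info) as fh:
                    head = fh.read(offset + len(magic))
                if head[offset:] != magic:
                    findings.append((info.filename, f"content is not {last}"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: placeholder bytes; only the .mp4.exe name is from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Video Dream MachineAI.mp4.exe", b"MZ placeholder")
        archive.writestr("hidden/Document.pdf", b"not a real pdf")
        archive.writestr("hidden/readme.pdf", b"%PDF-1.7 placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in inspect_zip(build_sample()):
        print(f"{name}: {reason}")
```

A clean result here only means these two checks found nothing; it does not replace scanning the download with a malware scanner.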


ZaKi
