This AI Video Generator Spreads Malware

Cyber attackers are capitalizing on user demand for AI-generated content by distributing malware targeting content creators and small businesses in the form of fake AI-powered content services.
As reported by Bleeping Computer, a new infostealer known as Noodlophile is stealing web browser data, including credentials, session cookies, tokens and cryptocurrency wallet files. The malware can also be deployed using XWorm, which gives attackers remote access to your device to steal sensitive information and install ransomware.
How does the Noodlophile attack work?
According to threat analysis by security firm Morphisec, Noodlophile hides in fake AI video generators, specifically those called “Dream Machine”. These tools are advertised on Facebook, leading users to fraudulent websites where they are asked to upload images or videos to create AI-generated content.
Users are then prompted to download the finished video as a ZIP archive named VideoDreamAI.zip, which contains an executable file (Video Dream MachineAI.mp4.exe) as well as hidden folders containing components to infect the target device with malware. The scheme uses legitimate editing tools that you can find in a video editor like CapCut, as well as files disguised as PDFs and Word documents to avoid detection by both users and malware scanners.
Once deployed, Noodlophile transmits stolen information to hackers in real time using a Telegram bot.
How to protect your data from Noodlophile
Always use caution when downloading and running files from the Internet, especially when using websites that you do not know or trust. Noodlophile hides behind a seemingly innocuous filename verified by a certificate generated via WinAuth, so it may not seem suspicious at first glance.
But if you look at the file extension, which you should always check, you’ll see that it’s actually an .exe and not an .mp4 video. Make sure file extensions are visible on your device, as hiding them allows hackers to spread malware undetected. You can also use a malware scanner to check downloads before opening them.
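The extension check described above can be run on a downloaded ZIP before anything is extracted. The following Python script is an added example, not part of the original article or the Morphisec report: it lists archive entries that pair a media or document extension with an executable one, carry the hidden attribute, or claim to be PDF or Word files without the matching file header. The extension lists, the header check and the sample archive (apart from the .mp4.exe name quoted in the article) are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute vs. extensions a user expects to be inert (assumed lists).
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs", ".lnk"}
DECOY = {".mp4", ".mov", ".avi", ".jpg", ".png", ".pdf", ".doc", ".docx"}
# Leading bytes a genuine file of that type starts with.
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04"}
DOS_HIDDEN = 0x02  # FILE_ATTRIBUTE_HIDDEN in the low byte of external_attr


def audit_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) pairs for entries worth a closer look."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename)
            exts = [s.lower() for s in path.suffixes]
            if len(exts) >= 2 and exts[-1] in EXECUTABLE and exts[-2] in DECOY:
                findings.append((info.filename, "double extension"))
            if info.external_attr & DOS_HIDDEN or any(p.startswith(".") for p in path.parts):
                findings.append((info.filename, "hidden"))
            magic = MAGIC.get(path.suffix.lower())
            if magic and not info.is_dir():
                with zf.open(info) as fh:
                    if not fh.read(len(magic)).startswith(magic):
                        findings.append((info.filename, "content does not match extension"))
    return findings


def build_sample() -> bytes:
    """Constructed archive mirroring the layout described above; contents are inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Video Dream MachineAI.mp4.exe", b"MZ placeholder")
        hidden = zipfile.ZipInfo("data/notes.txt")  # constructed entry name
        hidden.external_attr = DOS_HIDDEN           # mark it hidden, as Windows tools do
        zf.writestr(hidden, b"placeholder")
        zf.writestr("Document.pdf", b"not a pdf")            # constructed, wrong header
        zf.writestr("report.pdf", b"%PDF-1.7 placeholder")   # constructed, benign
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_zip(build_sample()):
        print(f"{reason:35} {name}")
```

To check a real download, pass the file's bytes to audit_zip, for example audit_zip(open(path, "rb").read()). The hidden-attribute check only works for archives whose creator recorded DOS attributes.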