Global Noodlophile campaign involves bogus copyright notices

Organizations in the U.S., Europe, and other parts of the world have been targeted with spear-phishing emails purporting to be copyright infringement notices that deliver the Noodlophile information-stealing malware, reports The Hacker News.

Attackers used Gmail accounts to send emails alleging Facebook Page copyright violations, luring recipients into clicking a Dropbox link that delivers an installer. The installer sideloads a malicious DLL that establishes persistence and eventually injects Noodlophile, according to a Morphisec analysis. Additional findings revealed that Telegram group descriptions have also been used to better conceal the browser and system data-stealing Noodlophile payload, which is continually being developed to include more information gathering and network tracking capabilities. "This approach builds on the previous campaign's techniques (e.g., Base64-encoded archives, LOLBin abuse like certutil.exe), but adds layers of evasion through Telegram-based command-and-control and in-memory execution to avoid disk-based detection," said Morphisec researcher Shmuel Uzan.
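The chain described above leaves two observable traces on an endpoint: certutil.exe decoding a Base64-encoded archive, and a non-browser process reaching out to Telegram. The following is an added detection example (not code from Morphisec or from the original report) that triages constructed Sysmon-style process events for those behaviours plus a heuristic for a downloaded installer launching a binary out of AppData; the event fields, paths and rule names are assumptions for illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed Sysmon-style process events (sample data, not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"image": r"C:\Windows\System32\certutil.exe",
     "cmdline": r"certutil.exe -decode C:\Users\v\AppData\Local\Temp\notice.b64 C:\Users\v\AppData\Local\Temp\notice.zip",
     "parent": r"C:\Users\v\Downloads\CopyrightNotice_Installer.exe"},
    {"image": r"C:\Windows\System32\certutil.exe",          # benign certutil use
     "cmdline": "certutil.exe -verify cert.cer",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Users\v\AppData\Roaming\Update\legit.exe",  # sideload host spawned by installer
     "cmdline": "legit.exe",
     "parent": r"C:\Users\v\Downloads\CopyrightNotice_Installer.exe",
     "dns": "t.me"},
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe",  # a browser visiting Telegram is normal
     "cmdline": "firefox.exe",
     "parent": r"C:\Windows\explorer.exe",
     "dns": "t.me"},
]

BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "brave.exe", "opera.exe"}
TELEGRAM_DOMAINS = ("t.me", "telegram.org", "telegram.me")
# certutil switches that decode or fetch content; -decode is the Base64 archive case from the report.
CERTUTIL_ABUSE = re.compile(r"\s-(decode|decodehex|urlcache)\b", re.IGNORECASE)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_telegram(domain: str) -> bool:
    # Exact or subdomain match only, so "not.me" does not match "t.me".
    d = domain.lower()
    return any(d == t or d.endswith("." + t) for t in TELEGRAM_DOMAINS)


def triage(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Return (event index, rule name) pairs for events matching the campaign's traits."""
    findings: List[Tuple[int, str]] = []
    for i, ev in enumerate(events):
        img = basename(ev.get("image", ""))
        if img == "certutil.exe" and CERTUTIL_ABUSE.search(ev.get("cmdline", "")):
            findings.append((i, "certutil_decode_or_download"))
        if is_telegram(ev.get("dns", "")) and img not in BROWSERS:
            findings.append((i, "nonbrowser_telegram_lookup"))
        if "\\downloads\\" in ev.get("parent", "").lower() and "\\appdata\\" in ev.get("image", "").lower():
            findings.append((i, "downloaded_installer_spawned_appdata_binary"))
    return findings
```

Each rule alone is noisy on a real fleet; the value is in correlating two of them on the same host within a short window.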

