Email security, Phishing, Malware, Data Security

Global Noodlophile campaign involves bogus copyright notices

Account takeovers

Organizations in the U.S, Europe, and other parts of the world have been targeted with spear-phishing emails purporting to be copyright infringement notices that facilitate Noodlophile information-stealing malware deployment, reports The Hacker News.

Attackers leveraged Gmail accounts to distribute malicious emails alleging Facebook Page copyright violations that aim to lure recipients into clicking a Dropbox link delivering an installer, which enables the sideloading of an illicit DLL that aims for persistence before eventually injecting Noodlophile, according to a Morphisec analysis. Additional findings revealed that Telegram group descriptions have also been used to better conceal the browser- and system data-stealing Noodlophile payload, which is continually being developed to include more information gathering and network tracking capabilities. "This approach builds on the previous campaign's techniques (e.g., Base64-encoded archives, LOLBin abuse like certutil.exe), but adds layers of evasion through Telegram-based command-and-control and in-memory execution to avoid disk-based detection," said Morphisec researcher Shmuel Uzan.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds