Hackread reports that fraudulent artificial intelligence platforms promoted via Facebook ads have been harnessed to deploy the novel Noodlophile Stealer malware as part of a multi-stage attack.
Threat actors have flooded Facebook groups with posts promoting fake AI websites, which serve a malicious ZIP archive after the victim uploads an image, according to an analysis from Morphisec. Inside the ZIP archive is an executable posing as a copy of CapCut, which deploys additional payloads that ultimately deliver the Noodlophile Stealer and the XWorm loader. Noodlophile, believed to have been developed by a Vietnamese hacker, enables credential and wallet theft and offers an optional remote access deployment, while XWorm seeks to evade detection through PE hollowing and shellcode injection, Morphisec researchers said. Such findings should prompt AI platform users to be cautious of tools offered in social media posts and on third-party sites.
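The lure described above hinges on a ZIP archive that a victim expects to contain processed images but which actually carries an executable posing as CapCut. The following added example, not code from Hackread or Morphisec, shows the kind of check a download gateway or user-side tool can run before such an archive is opened: every member is inspected for a PE (`MZ`) header regardless of its extension, so a payload renamed to look like media is flagged alongside an obvious `.exe`. The archive contents, file names and the "CapCut" name check are constructed for illustration and are assumptions, not indicators taken from the report.

```python
import io
import posixpath
import zipfile
from typing import Dict, List

PE_MAGIC = b"MZ"  # DOS/PE header that every Windows executable starts with
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
IMPERSONATED_APPS = ("capcut",)  # assumed lure name, taken from the article's description


def inspect_zip(data: bytes) -> List[Dict[str, object]]:
    """Return a finding for each archive member that looks like an executable.

    Only the first two bytes of each member are decompressed, so the check
    stays cheap even for large archives.
    """
    findings: List[Dict[str, object]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))
            is_pe = head == PE_MAGIC

            reasons: List[str] = []
            if is_pe:
                reasons.append("PE header (MZ) present")
            if ext in EXECUTABLE_EXTS:
                reasons.append(f"executable extension {ext}")
            if is_pe and ext not in EXECUTABLE_EXTS:
                # A PE body behind a media or document extension is a classic disguise.
                reasons.append("PE content behind non-executable extension")
            if is_pe and any(app in name.lower() for app in IMPERSONATED_APPS):
                reasons.append("PE file named after a well-known application")

            if reasons:
                findings.append({"name": name, "size": info.file_size, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: one real-looking PNG and two PE payloads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("result/image.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)  # benign
        zf.writestr("CapCut.exe", PE_MAGIC + b"\x00" * 64)                    # overt executable
        zf.writestr("video.mp4", PE_MAGIC + b"\x00" * 64)                     # PE disguised as media
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip()):
        print(f"{finding['name']} ({finding['size']} bytes): " + "; ".join(finding["reasons"]))
```

A result of zero findings does not prove an archive is safe (scripts, shortcuts and installers that are not PE files pass this check), but any finding is enough reason to quarantine a download that was supposed to contain only images.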