- Cybercriminals are using fake Artificial Intelligence (AI) platforms on social media to trick people into downloading Noodlophile Malware.
- These platforms distribute malicious ZIP files that steal sensitive information like browser passwords and cryptocurrency wallet details.
- Noodlophile is believed to have originated in Vietnam and sometimes includes extra software for remote computer access.
Cybercriminals are targeting users by promoting fake AI tools on social media, leading to the spread of the Noodlophile malware, according to recent findings by security researchers. Users are drawn in by what appear to be legitimate AI editing platforms, then tricked into downloading files that actually contain information-stealing malware.
Security researcher Shmuel Uzan from Morphisec reported that attackers set up convincing AI-themed sites and advertise them through Facebook groups and viral social posts. Large numbers of users are being reached—one post alone was viewed more than 62,000 times. When users follow links to these sites, they are prompted to download what looks like a useful tool but is actually a malicious ZIP file named VideoDreamAI.zip.
The Noodlophile malware hidden inside these downloads is able to collect browser credentials, cryptocurrency wallet information, and other sensitive data. According to Uzan’s report, "instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns." The platforms identified so far include fake names like Luma Dreammachine AI, Luma Dreammaching, and gratistuslibros.
Once a victim clicks to download the supposed AI tool, the ZIP archive deploys a Python binary that installs the Noodlophile Stealer. This software can collect sensitive information and, in some cases, is bundled with additional remote access trojans such as XWorm. These trojans give attackers further control over the infected computer.
The source of Noodlophile appears to be connected to Vietnam, with a GitHub profile describing its owner as "a passionate Malware Developer from Vietnam." Authorities say Southeast Asia, and especially Facebook, have seen repeated cybercriminal activity involving information-stealing malware.
These incidents show cybercriminals are taking advantage of the popularity of AI tools and the reach of social media to spread malware and collect personal information from unsuspecting users.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Sonic Labs Raises $10M From Galaxy to Boost U.S. DeFi Growth
- GTJAI to Issue Tokenized Securities in Hong Kong, Eyes Digital Hub
- Florida Teens Kidnap Crypto Host, Steal $4M, Abandon Victim in Desert
- Crypto Fund Inflows Hit $882M as Assets Near Record $173B
- Atua AI Expands XRP Support for Fast, Scalable Web3 Finance
