Fake AI Tools Spread Noodlophile Malware via Social Media Platforms

Fake AI Platforms on Social Media Spreading Vietnamese-Linked Noodlophile Malware to Steal Sensitive Data

  • Cybercriminals are using fake Artificial Intelligence (AI) platforms on social media to trick people into downloading Noodlophile Malware.
  • These platforms distribute malicious ZIP files that steal sensitive information like browser passwords and cryptocurrency wallet details.
  • Noodlophile is believed to have originated in Vietnam and sometimes includes extra software for remote computer access.

Cybercriminals are targeting users by promoting fake AI tools on social media, leading to the spread of the Noodlophile malware, according to recent findings by security researchers. Users are drawn in by what appear to be legitimate AI editing platforms, then tricked into downloading files that actually contain information-stealing malware.

- Advertisement -

Security researcher Shmuel Uzan from Morphisec reported that attackers set up convincing AI-themed sites and advertise them through Facebook groups and viral social posts. Large numbers of users are being reached—one post alone was viewed more than 62,000 times. When users follow links to these sites, they are prompted to download what looks like a useful tool but is actually a malicious ZIP file named VideoDreamAI.zip.

The Noodlophile malware hidden inside these downloads is able to collect browser credentials, cryptocurrency wallet information, and other sensitive data. According to Uzan’s report, "instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns." The platforms identified so far include fake names like Luma Dreammachine AI, Luma Dreammaching, and gratistuslibros.

Once a victim clicks to download the supposed AI tool, the ZIP archive deploys a Python binary that installs the Noodlophile Stealer. This software can collect sensitive information and, in some cases, is bundled with additional remote access trojans such as XWorm. These trojans give attackers further control over the infected computer.

The source of Noodlophile appears to be connected to Vietnam, with a GitHub profile describing its owner as "a passionate Malware Developer from Vietnam." Authorities say Southeast Asia, and especially Facebook, have seen repeated cybercriminal activity involving information-stealing malware.

These incidents show cybercriminals are taking advantage of the popularity of AI tools and the reach of social media to spread malware and collect personal information from unsuspecting users.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

WhatsApp Rolls Out AI Message Summaries with Advanced Privacy

WhatsApp introduces an AI-driven feature to summarize unread messages for users. The feature, called Message...

Opyl Turns to Bitcoin Treasury as Cash Crisis Deepens

Opyl Limited, an Australian biotech company, bought around 2 Bitcoin as part of a...

Theta Network Launches EdgeCloud Beta, Unveils Hybrid GPU Platform

THETA Network is launching the beta version of EdgeCloud’s hybrid edge-cloud computing platform on...

Australian Police Crack Down on Crypto ATM Scams, Contact 90 Users

Australian police contacted over 90 people linked to suspected criminal use of crypto ATMs.Victims...

Colorado Pastor Faces Judgment Over “Divine Wealth” Crypto Scam

A Colorado pastor and his wife are facing civil allegations of securities fraud for...

Must Read

Top 9 VPNs That Accept Bitcoin And Crypto

CyberGhost | FastVPN | TorGuard | Private Internet Access | ExpressVPN | NordVPN | Private VPN | SurfShark | AirVPN | Why Buy VPN...