BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Noodlophile Malware Targets Enterprises via Copyright Phishing Emails

Noodlophile Malware Targets Global Enterprises with Advanced Phishing and Stealth Techniques

  • Noodlophile Malware targets companies in the U.S., Europe, the Baltics, and Asia-Pacific with advanced phishing campaigns.
  • Attackers use spear-phishing emails disguised as copyright infringement notices, often tailored with information from online reconnaissance.
  • The campaign delivers malware using Dropbox links and legitimate software, with added evasion through Telegram channels.
  • Noodlophile is designed to steal browser and system data and developers are expanding its capabilities.
  • The operation highlights a focus on businesses with significant social media profiles, especially on Facebook.

A recent malware campaign targets enterprise organizations across the United States, Europe, the Baltic region, and Asia-Pacific. Threat actors are deploying the Noodlophile information stealer using spear-phishing emails made to look like copyright violation alerts. Attackers seek to trick employees into downloading malicious files by referencing real business and Facebook Page details.

- Advertisement -

Morphisec researcher Shmuel Uzan reported that the ongoing Noodlophile operation has shifted tactics over the past year. Attackers now send carefully crafted emails from Gmail accounts, which include links to files hosted on Dropbox. Recipients are urged to download ZIP or MSI installers that launch a sequence designed to avoid detection.

The process uses legitimate software, such as Haihaisoft PDF Reader, to sideload harmful DLL files. The attack also runs scripts to make sure the malware stays active on the infected system. According to Morphisec, the phishing chain stands out for using Telegram group descriptions to retrieve the server address Hosting the actual malware payload, increasing the campaign’s ability to evade shutdown efforts.

“This approach builds on the previous campaign’s techniques (e.g., Base64-encoded archives, LOLBin abuse like certutil.exe), but adds layers of evasion through Telegram-based command-and-control and in-memory execution to avoid disk-based detection,” Uzan said. Unlike earlier methods that primarily used fake Artificial Intelligence (AI) tools as bait, the current campaign demonstrates growth in both sophistication and scope.

Previous attacks with similar copyright lures delivered different malware, like Rhadamanthys Stealer. However, the current Noodlophile campaign uses new tricks, such as software vulnerabilities and obfuscated payload delivery through cloud and messaging services. The malware itself targets browser and system data, and it is under ongoing development to include functions like screenshot capture, keylogging, file exfiltration, process monitoring, network information gathering, file encryption, and browser history collection.

- Advertisement -

Morphisec noted that the goal is to compromise businesses with large social media presences, especially those on Facebook. Planned enhancements to Noodlophile could make it a broader threat if development continues.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Bitcoin Drops 4% on Geopolitical Tensions, Market Risk-Off

Bitcoin fell to $61,750.90 on Monday, July 13, as geopolitical tensions over the Strait...

New macOS Malware ‘CrashStealer’ Steals Crypto, Passwords

Researchers at Jamf Threat Labs have discovered a new macOS information stealer called CrashStealer...

Trump Urges Senate to Pass Crypto Clarity Act in Honor of Late Lindsey Graham

President Donald Trump urged the Senate to pass the Crypto Clarity Act in honor...

Google pushes TPUs to neoclouds, challenging Nvidia

Google is expanding sales of its custom TPU chips to independent cloud providers, moving...

BlueMove $500K SUI heist sparks insider job fears

Approximately $500,000 worth of Sui tokens was drained from BlueMove DEX's locked liquidity pools...

Must Read

How to Set Up a Simple Bitcoin Tip Jar for Your Site or Stream

QUICK LINKSWhat a tip jar is, in plain wordsWhat you needBuild a payment link that just worksAdd a QR code that actually scansWhere to...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading