
As scammers follow online tool usage trends, it's no wonder that the latest detected method of spreading malware has been found on artificial intelligence (AI) content generation platforms.
Cybersecurity company Morphisec has discovered that criminals are now building AI-generated video and image editing platforms where malware is disguised as AI output, delivered after users upload their images for processing.
Moreover, these fake platforms are said to be advertised via legitimate-looking Facebook groups, boasting over 62,000 views on a single post, and through viral social media campaigns.
"Expecting to receive a custom video based on their input, victims instead download a malicious payload—bundled with a newly identified infostealer, dubbed Noodlophile Stealer," the researchers said.
According to them, Noodlophile is designed to harvest browser credentials, cryptoasset wallets, and sensitive data. It can also deploy a remote access trojan like XWorm, which takes over the infected system.
Morphisec has noted that while more common malware campaigns are disguised as pirated software or game cheats, the developers of Noodlophile target a "more trusting audience," such as creators and small businesses.
When a potential victim finds a fake Facebook group created to distribute malware, they are tricked into visiting fraudulent websites pretending to offer AI-powered content creation services.

Once the malware is installed after a user downloads the "processed" content, Noodlophile Stealer communicates with the attackers through a Telegram bot to exfiltrate stolen information, the researchers found.
"The developer behind Noodlophile, likely of Vietnamese origin based on language indicators and social media profiles, was observed responding to Facebook posts promoting this new method," they said, adding that the developer's online profile can be found by following links in these Facebook groups, where they admit to working 'on Malware Development' and learning 'Reverse Engineering and Malware Analysis.'
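The Telegram-bot exfiltration channel described above can be hunted for in egress logs. The following is an added example, not code from Morphisec or from the article: it flags Telegram Bot API requests made by processes that are not on an allowlist. It assumes a proxy or endpoint log that records the process name and full URL; the log layout, the process names and the `opsnotify.exe` allowlist entry are hypothetical, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Telegram Bot API requests have the form https://api.telegram.org/bot<token>/<method>
BOT_PATH = re.compile(r"^/bot(\d+):[\w-]+/(\w+)")
# Assumption: the only process sanctioned to use a bot in this environment.
ALLOWED_PROCESSES = {"opsnotify.exe"}
# Bot API methods that push data out to a chat.
UPLOAD_METHODS = {"senddocument", "sendmessage", "sendphoto", "sendmediagroup"}

# Constructed sample: timestamp host process http_verb url bytes_out
SAMPLE_LOG = """\
2025-05-12T09:14:02Z WS-042 chrome.exe GET https://example.com/index.html 512
2025-05-12T09:14:40Z WS-042 python.exe POST https://api.telegram.org/bot1234567890:AAExampleTokenConstructed_0000/sendDocument 482133
2025-05-12T09:15:01Z WS-017 opsnotify.exe POST https://api.telegram.org/bot1234567890:AAExampleTokenConstructed_0000/sendMessage 220
2025-05-12T09:16:10Z WS-042 python.exe GET https://api.telegram.org/bot1234567890:AAExampleTokenConstructed_0000/getUpdates 96
2025-05-12T09:17:00Z WS-099 malformed line
"""

def find_bot_api_traffic(log_text, allowed=ALLOWED_PROCESSES):
    """Return one finding per Bot API request from a non-allowlisted process."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip malformed records instead of failing the hunt
        ts, host, proc, verb, url, bytes_out = parts
        u = urlsplit(url)
        if (u.hostname or "").lower() != "api.telegram.org":
            continue
        m = BOT_PATH.match(u.path)
        if not m or proc.lower() in allowed:
            continue
        api_method = m.group(2).lower()
        upload = verb == "POST" and api_method in UPLOAD_METHODS
        findings.append({
            "time": ts, "host": host, "process": proc,
            "bot_id": m.group(1),  # numeric id only; the secret part is not kept
            "api_method": api_method,
            "bytes_out": int(bytes_out),
            "severity": "high" if upload else "medium",
        })
    return findings

if __name__ == "__main__":
    for f in find_bot_api_traffic(SAMPLE_LOG):
        print(f)
```

The numeric bot ID in each finding is useful for correlating hosts that report to the same bot without storing the bot's secret token in the alert.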