In brief
- Cybercriminals are using fake AI tools on social media to spread Noodlophile malware.
- Malicious platforms trick users into downloading ZIP archives that steal sensitive data.
- Noodlophile stealer, which researchers suspect originated in Vietnam, can include additional remote access trojans.
People are being tricked into downloading fake AI tools as a way to spread the information stealer malware Noodlophile.
This malware is able to harvest browser credentials, cryptocurrency wallet information and more sensitive data, according to a security researcher.
Morphisec researcher Shmuel Uzan said, in a report, "Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns."
The attackers build convincing AI themed platforms which can then be advertised on Facebook groups or social media campaigns. While these may look legitimate, they are simply fronts to get people to download the malware hidden in what appears to be AI tools.
Kaspersky Flags Malware on SourceForge That Tricks Victims Into Sending Attackers Their Crypto
Cybersecurity firm Kasperky has discovered a malware which tricks victims into sending attackers their crypto by replacing trusted wallet addresses on a users' clip board. The malware is being distributed under the guise of Microsoft Office Add-Ins on the SourceForge website. In reality, alternate links are being used to install this malware and infiltrate crypto wallets. The coding appears to be in Russian with an expected 90% of potential victims in Russia, Kaspersky researchers wrote in a pos...
These sorts of posts, shared on Facebook, have reached views as high as 62,000, from a single post alone.
Some of the fake social media pages identified are: Luma Dreammachine AI, Luma Dreammaching and gratistuslibros.
Once a user clicks on a post they are taken to apparently free AI editing tools and urged to upload their image or video. They are then asked to download what looks like the AI tool, but is actually a malicious ZIP archive called VideoDreamAI.zip. This leads to a Python binary paving the way to deploy the Noodlophile Stealer.
Bitcoin Python Library Targeted by Wallet Draining Malware
Machine learning has been used to detect crypto malware targeting users of bitcoinlib, a popular Python library for making Bitcoin wallets. ReversingLabs says the malicious packages attempted to overwrite legitimate commands in order to extract sensitive database files. Researchers say bitcoinlib is a "widely used open-source library" that allows crypto wallets to be created and managed—attracting more than one million downloads since its launch. Named "bitcoinlibdbfix" and "bitcoinlib-dev," the...
Some instances have also seen the data stealer bundled with remote access trojans like XWorm, for more control over the host's machine and data.
The Noodlophile malware is assessed to be of Vietnamese origin, according to a GitHub profile that claims to be that of "a passionate Malware Developer from Vietnam."
Authorities have said that cybercrime is especially prevalent in Southeast Asia and there is a history of distributing stealer software using the Facebook platform specifically.
Edited by Stacy Elliott.
