EddieJayonCrypto
12 May 25
People are being tricked into downloading fake AI tools that spread the Noodlophile malware, which steals browser credentials, cryptocurrency wallet information, and other sensitive data. Attackers create convincing AI-themed platforms advertised through legitimate-looking Facebook groups and viral ...
Fake AI tools promoted through Facebook and social media campaigns are being used to distribute the Noodlophile malware, which steals browser credentials, cryptocurrency wallets, and other sensitive data.

Users are tricked into downloading these fake AI tools, which appear legitimate but actually deploy the Noodlophile Stealer. Attackers create convincing AI-themed platforms and advertise them through legitimate-looking Facebook groups and viral social media campaigns to lure victims.

Once a user clicks on a post—some of which have reached up to 62,000 views—they are directed to download a malicious ZIP file disguised as an AI tool, commonly named VideoDreamAI.zip. This file contains a Python binary that installs the Noodlophile malware on their machine.

In some cases, the malware is bundled with remote access trojans like XWorm, providing attackers with greater control over infected devices and stolen information.

The Noodlophile malware is believed to originate from Vietnam, linked to profiles of malware developers in that region. Cybercrime involving distribution of stealer software via Facebook is particularly common in Southeast Asia, where platforms like Facebook are frequently exploited.

Security experts emphasize the importance of vigilance, as these AI-themed platforms are sophisticated fronts designed to trick users into compromising their own data security. The campaign highlights ongoing risks in social media environments and the growing use of deceptive tactics tied to popular trends such as AI tools.