Actors threats were observed for the use of fake tools that support artificial intelligence (AI) as a bait to attract users to download the theft of malicious software called Emergency.
‘Instead of relying on traditional phishing or hacked software sites, they build convincing AI-thematic platforms – Note In a report published last week.
Messages that are divided into these pages have been found to attract more than 62,000 views on one message, indicating that users looking for AI -to -editing tools are the goals of this company. Some of the fake pages in social media include Luma DreamMachine Al, Luma Dreammachine and Gratistuslibros.
Users who land in social media reports call for the translation of the AI content creation services, including video, logos, images and even sites. One of the fictitious sites is masked as Capcut AI by offering users “video editor in one of the new AI features”.
Once the users do not suspect, load their images or videos on these sites, they are offered to load the intended AI content, at this point the malicious archive of ZIP (“Videodreamai.zip”).
The file presents a deceptive file called “Video Dream Machineai.mp4.exe”, which starts in the infection chain, launching a legitimate binary related to the video editor (“Capcut.exe”). This executable C ++ file is used to launch a .Net forking based on the name Capcutloader, which in turn eventually loads the useful load of Python (“Srchost.exe”) from the remote server.
Binary Python opens the way to deploy the theft of Noodlophile, which comes with the features for collecting credentials about the browser, information about cryptocurrency and other sensitive data. Selected specimens also complete with theft with remote Trojan as Xwormer For fixed access to the infected hosts.
The developer Noodlophile is evaluated as a Vietnamese origin that is in your Github profile claim be “hot developer malicious programs from Vietnam.” The account was created on March 16, 2025. It is worth noting that the nation of South -East Asia resides for flowering ecosystem of cybercrime This has a history of distribution of different families by malicious theft programs aimed at Facebook.
Bad subjects that armed the public interest in AI technology is not a new phenomenon. In 2023 meta said this remove More than 1000 malicious URL -Drace URLs, which have been located in their services, which have been found to use Openai Chatpp as bait to distribute about 10 malicious programs since March 2023.
The disclosure of information occurs when Cyfirma talked about another new one. Net-family malicious programs based on .Net base.
“In the absence of a specific protection against analysis and mechanisms of perseverance, PupkinsteAlle depends on the simple performance and low content to avoid detecting during its work,” cybersecurity company, cybersecurity campaign – noted. “Pupkinstileler shows a simple but effective form of malware for theft of data that uses common system behavior and widely used platforms for the expulsion of sensitive information.”
