New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms
ID: 62ebb1bf-e97c-57b0-968c-9a8115b77c2f
STIX ID: report--62ebb1bf-e97c-57b0-968c-9a8115b77c2f
Feed Name: Morphisec Blog
Morphisec details a widespread social-engineering campaign that impersonates AI-based media generation services to trick users into downloading a ZIP archive. The archive installs a multi-stage malware chain: a repackaged CapCut binary that unpacks and runs .NET and Python components, the Noodlophile infostealer (credential and wallet theft), and optionally an XWorm loader providing remote access and worm-like propagation. The report includes technical analysis, persistence and evasion techniques (LOLBins, in-memory execution, PE hollowing), developer OSINT, and a comprehensive set of IOCs.
