Noodlophile Stealer: When Cybercriminals Get a Bit Salty
ID: d4c3a36d-119b-5505-9dee-69ed630c729e
STIX ID: report--d4c3a36d-119b-5505-9dee-69ed630c729e
Feed Name: Morphisec Blog
The report examines the Noodlophile infostealer campaign: malware propagated through fake AI video-generation sites and fraudulent job postings that harvest credentials and crypto wallets and exfiltrate data via Telegram bots. It highlights the actor linkage to Vietnamese-linked UNC6229, the technical details (DLL sideloading, djb2 rotating hash in shellcode, RC4-protected command file, XOR-encoded strings), and the attempts to evade and break AI-based analysis, and it provides indicators and hunting guidance for defenders.
