
CyberWire Daily A new stealer hiding behind AI hype. [Research Saturday]
Nov 29, 2025 Joining the discussion is Michael Gorelik, Chief Technology Officer at Morphisec and expert in cybersecurity. He sheds light on the Noodlophile stealer, a malware campaign that uses fake AI video-generation platforms as bait. Users are lured into downloading malware disguised as legitimate software through deceptive Facebook groups. Gorelik explains the theft of sensitive data, including browser credentials and crypto wallets, and discusses the unusual tactics used to hide the malware. He emphasizes the importance of caution when interacting with AI tools and shares tips for detection and prevention.
Archive-Based Delivery Conceals Malware
- Noodlophile is an infostealer delivered through heavily obfuscated archives; its Python payload runs in memory and is base85-encoded.
- The delivery chain deliberately hides executables inside modified archives to evade basic scanning and detection.
Fake AI Video Sites Promote Malware
- Attackers set up fake AI video-generation sites and promoted them via convincing Facebook pages with follower counts even higher than legitimate services.
- These malicious pages let users download example videos for free while real sites require signup, luring victims into downloading archives.
Don't Open Untrusted AI Site Archives
- Avoid downloading archives from untrusted AI platforms, and delete suspicious downloads immediately.
- If you must open one, first inspect the archive with a tool such as 7-Zip and check for hidden folders before running any executable it contains.
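The inspection step above, as an added example that is not from the podcast or from Morphisec: a small Python check that lists archive entries which are executables, sit in hidden folders, or carry the DOS hidden attribute, run against a constructed sample archive (the file names in it are made up for illustration).

```python
import io
import posixpath
import zipfile

# File types that should never be launched straight out of a "free AI video" archive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".msi", ".vbs", ".js", ".ps1", ".lnk"}


def is_hidden_path(name: str) -> bool:
    """True if any directory or file component starts with '.' (hidden on POSIX)."""
    return any(part.startswith(".") for part in name.split("/") if part)


def inspect_archive(data: bytes) -> list[dict]:
    """Return one finding per suspicious zip entry; an empty list means nothing flagged.

    Each finding names the entry and why it was flagged: an executable extension,
    a hidden folder in its path, or the MS-DOS hidden attribute on the entry.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if posixpath.splitext(info.filename)[1].lower() in EXECUTABLE_EXTS:
                reasons.append("executable")
            if is_hidden_path(info.filename):
                reasons.append("hidden folder")
            # Low 16 bits of external_attr hold MS-DOS attributes; 0x02 is HIDDEN.
            if info.external_attr & 0x02:
                reasons.append("hidden attribute")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: a decoy 'video' next to an executable in a hidden folder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample_video.mp4", b"not really a video")
        hidden = zipfile.ZipInfo(".cache/Launcher.exe")
        hidden.external_attr = 0x02  # mark the entry hidden, as Explorer would honour
        zf.writestr(hidden, b"MZ placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_archive(build_sample_archive()):
        print(f"{f['name']}: {', '.join(f['reasons'])}")
```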

