Clickbait, CapCut, and Chaos: The Rise of AI Malware Lures
If you’re downloading free AI tools from Facebook groups, you might be feeding your passwords to a stealer built by someone who brags about it on GitHub.
Cybercriminals are exploiting the AI hype to spread Noodlophile, an info-stealing malware disguised as AI content tools. Over 62,000 users were targeted via fake Facebook campaigns offering “AI-powered” video editors like “CapCut AI.”
The malware comes packaged in a ZIP file with a deceptive filename ending in .mp4.exe. Once clicked, it initiates a silent infection chain, steals browser credentials and crypto wallets, and sometimes installs a remote access trojan (RAT).
- Platforms like “Luma Dreammachine” mask the scam behind legitimate branding
- The malware uses Python payloads via a .NET loader to evade detection
- A Vietnamese developer, openly active on GitHub, is behind the stealer
This is not just a tech issuem, it’s a trust issue. What systems do you have in place to verify digital authenticity before clicking?
Read the full article on The Hacker News.
----
💡 If you enjoyed this content, be sure to download my new app for a unique experience beyond your traditional newsletter.
This is one of many short posts I share daily on my app, and you can have real-time insights, recommendations and conversations with my digital twin via text, audio or video in 28 languages! Go to my PWA at app.thedigitalspeaker.com and sign up to take our connection to the next level! 🚀