🛑 Over 62,000 Victims Tricked by Fake AI Tools on Facebook: “Noodlophile” Malware Campaign Exposed
A new and sophisticated malware campaign has surfaced, leveraging the AI hype to deceive tens of thousands of users through fake AI tools promoted on Facebook.

🎭 Fake AI Tools as Bait
Cybercriminals have been discovered using realistic-looking fake AI platforms to distribute a newly identified information-stealing malware called “Noodlophile.” Unlike traditional phishing schemes or cracked software pages, this campaign targets users directly through fake Facebook Pages and viral content on social platforms like X (formerly Twitter).
A recent report from security researcher Shmuel Uzan of Morphisec reveals that a single post promoting these fake tools received over 62,000 views, with users mainly seeking free AI-based video and image editing tools.
Pages impersonated include:
- Luma Dreammachine AI
- Luma Dreammachine
- gratistuslibros
🕸 How the Scam Works
Victims are lured into clicking links claiming to offer AI-powered services like video editing, logo creation, and even website design. One of the fake sites identified is a clone of CapCut AI, promoted as an "all-in-one AI video editor."
When users follow instructions and upload content, they’re prompted to download a file allegedly generated by AI, but in reality it’s a malicious ZIP file named VideoDreamAI.zip.
Inside is a disguised executable named Video Dream MachineAI.mp4.exe. Running it launches a chain reaction:
- It executes a legitimate CapCut.exe (video editor from ByteDance).
- This triggers a malicious loader called CapCutLoader, written in .NET.
- The loader downloads a Python-based malware (srchost.exe) from a remote server.
- This malware installs Noodlophile Stealer.
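The disguise described above, a media extension followed by .exe inside a ZIP, can be checked for before an archive is opened. The following Python is an added example, not code from Morphisec or from the original article; the extension lists, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists for illustration: extensions users read as harmless media or
# documents, and extensions Windows runs or interprets.
DECOY_EXTS = {"mp4", "mov", "avi", "jpg", "png", "pdf", "docx"}
EXEC_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs", "lnk"}


def classify(entry_name):
    """Return 'double-extension', 'executable', or None for a ZIP entry name."""
    # Keep only the file name; Windows ignores trailing spaces and dots.
    base = entry_name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
    # Tolerate whitespace around each dot-separated part.
    parts = [p.strip().lower() for p in base.split(".")]
    if len(parts) < 2 or parts[-1] not in EXEC_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_zip(data):
    """List (entry name, reason) for every suspicious entry in a ZIP given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [info.filename for info in zf.infolist()]
    return [(n, classify(n)) for n in names if classify(n)]


def build_sample():
    """Constructed sample archive: names only, placeholder bytes, no real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Video Dream MachineAI.mp4.exe", b"placeholder")
        zf.writestr("clips/holiday.mp4", b"placeholder")
        zf.writestr("tools/setup.exe", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip(build_sample()):
        print(f"{reason:17} {name}")
```

The scan reads only the archive's entry names, so nothing is extracted or executed.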
🔓 What Noodlophile Can Steal
- Browser login credentials
- Crypto wallet data
- Sensitive personal information
- In some cases, it installs a remote access trojan (RAT) like XWorm, allowing hackers full control over the victim’s machine.
🌐 Southeast Asia Suspected as Origin
Morphisec believes the developer of Noodlophile is likely based in Southeast Asia, a known hotspot for cybercrime targeting Facebook users.
⚠️ Not an Isolated Incident
This attack follows similar incidents in 2023, where Meta removed over 1,000 malicious links exploiting interest in ChatGPT to distribute malware. In parallel, cybersecurity firm CYFIRMA also reported a new .NET-based malware dubbed PupkinStealer, capable of exfiltrating sensitive data via Telegram bots.
🧠 Why AI Is Being Exploited
The popularity of AI tools has become a powerful social engineering weapon. Scammers take advantage of users' eagerness to access “free” or cutting-edge AI features—often with minimal verification.
🔐 Stay Safe
To protect yourself:
- Be skeptical of AI tools promoted via social media ads or unknown Facebook Pages
- Never download files from unofficial sources
- Keep your security software up to date
- Inspect app origins and reviews before installing anything
The rise of AI has brought innovation—but also a new generation of cyberthreats that prey on curiosity and trust.