CyberWire Daily: "A new stealer hiding behind AI hype." [Research Saturday]

Date: November 29, 2025
Host: Dave Bittner, N2K Networks
Guest: Michael Gorlick, CTO of Morphisec
Topic: Noodle File Stealer malware campaign - AI video platform social engineering & evasion techniques

Episode Overview

This Research Saturday encore revisits a particularly deceptive and advanced malware operation: the Noodle File Stealer. Disguised as artificial intelligence video generation software and spread through viral social media ads, Noodle File Stealer quietly exfiltrates browser credentials, cryptocurrency wallets, and can deploy further malware (like X Worm RAT)—all while masquerading as legitimate tools. Michael Gorlick from Morphisec breaks down the technical sophistication, delivery tactics, and wider implications of this campaign, highlighting the growing difficulty in distinguishing between bona fide and malicious AI platforms.

Key Discussion Points & Insights

1. Discovery of Noodle File Stealer

[02:19]

The campaign was first identified after its execution on a Morphisec client’s network.
Initial investigation revealed the malware was spread via compromised AI video frameworks.

"We are starting to basically investigate and look back which actually discovered... a full chain of AI frameworks compromised."
— Michael Gorlick (02:19)

2. Technical Anatomy & Delivery Techniques

[03:15]

Noodle File Stealer is notable for its advanced and rare delivery:
- Delivered in-memory via Python, using base85 encoding (as opposed to the more common base64).
- Maintains a small on-system footprint to evade detection.
Main functions:
- Steals browser data, crypto wallets.
- Can deploy remote access trojans (RATs) like X Worm.

Delivery Workflow

[04:11]

Victims download archives (zip/rar) from what appear to be AI video platforms.
Archives include decoy files (e.g., “invoice.pdf”), but these are heavily disguised executable payloads.
Hidden directories and modified headers thwart simple scans; unpacking/decryption occurs via a loader, which renames and executes Python-compiled executables.

"Those files... are not really invoices or not really documents. They basically are advanced archive files with a bunch of different executables... with modified headers to avoid... simple scanning..."
— Michael Gorlick (04:11)

3. Social Engineering: Fake AI Video Generation Platforms

[07:05]

Attackers exploit the AI gold rush:
- Fake AI video platforms (e.g., “Lumadream”, “Dream AI”) mimic real ones (e.g., “Luma Labs”).
- Facebook pages advertising these platforms often have more followers than legitimate counterparts, with similar or even verified-like branding.
- Users are lured via ads offering appealing features (e.g., aging a photo to show how a child would grow up).
Key social engineering cues:
- Malicious platforms allow instant downloads (legitimate require signup).
- Both real and fake sites use low-cost SSL certificates (e.g., Let’s Encrypt), making reputation checks unreliable.

"...all of them using a very similar template... their amount of followers is even higher than the original... You get to the point where, hey, I don't know if it's legitimate or not and I don't have anyone to trust."
— Michael Gorlick (07:15)

4. Victim Workflow: Step-by-Step Infection

[13:11]

User clicks AI video ad (often on Facebook).
Redirected to a professionally designed site that closely mirrors legitimate AI platforms.
Prompts download of a large archive (typically via “Script.js”).
Archive contains visible decoy files and hidden folders with malicious executables.
- Less tech-savvy users may not see the hidden content.
- Execution triggers malware deployment.

"...whether you upload your images, just trying something for free, there are different control flows... it’s always the same archive and... a heavy one."
— Michael Gorlick (13:11)

5. Challenges of Detection

[15:22]

Archive-based delivery complicates both perimeter and endpoint detection.
Embedding executables in archives with non-standard headers bypasses basic scanning tools (e.g., Windows Defender, SmartScreen).
Advanced defenses (e.g., application control, robust endpoint protection) are more likely to catch it.

"...the archive, it's very easy to hide artifacts within... so as soon as it gets to your disk, it's actually quite challenging to detect by existing controls."
— Michael Gorlick (15:32)

Recommendation:
- Avoid downloading archives from unknown AI platforms.
- Rely only on signed, reputable software sources.

6. Technical Oddities & Attribution Notes

[17:52]

Malware uses two-layer decoding: base64 and base85; base85 is rare in malware, previously seen mainly in some Korean-linked attacks.
OSINT suggests possible ties to Taiwanese threat actors (unusual for this scale of campaign).
Often, X Worm RAT is delivered in tandem with the info stealer, enabling remote command execution and deeper system compromise.

"...they use a combination of base 64 and base 85, which is quite rare... we got to actors that are Taiwanese in this case, which is also a bit unique."
— Michael Gorlick (17:52)

7. Takeaways & Future Outlook

[20:16]

The real threat isn’t just malware innovation, but the evolving and highly effective delivery methods enabled by AI hype.
The current environment is reminiscent of the early “exploit kit” era (e.g., 2016), where new vectors abound and defenses struggle to keep pace.
Recommendations:
- Be highly skeptical of too-good-to-be-true AI platforms—especially those that don’t require sign-up or push archive downloads.
- Security controls will take time to adapt to these new methods; in the meantime, users and organizations must exercise caution.
- Carefully validate sources before downloading or uploading anything to such sites.

"At this moment I'm kind of not concerned with regard to the super advanced malware. I'm more concerned of the delivery techniques... it will take a year or two until security controls will adapt to this new delivery risk."
— Michael Gorlick (20:16)

Notable Quotes

"You get to the point where, hey, I don't know if it's legitimate or not and I don't have anyone to trust."
— Michael Gorlick (07:15)
"The real threat isn’t just malware innovation, but the evolving and highly effective delivery methods enabled by AI hype."
— Summed from Michael Gorlick’s remarks (20:16)

Key Timestamps

[02:19] – Discovery and investigation
[03:15] – Noodle File Stealer technical details
[04:11] – Delivery techniques & social engineering
[07:15] – Fake AI platform tactics on social media
[13:11] – Victim infection path
[15:32] – Detection and mitigation challenges
[17:52] – Malware decoding methods and actor attribution
[20:16] – High-level takeaways and user advice

Conclusion

The Noodle File Stealer campaign signals a critical evolution in how cybercriminals harness AI trends to conduct sophisticated, large-scale social engineering. With legitimate-seeming platforms and advanced evasion tactics, classic heuristic markers (like SSL certificates and social reputations) no longer differentiate friend from foe. Until security controls evolve, heightened caution is essential for both individuals and organizations engaging with new AI platforms.

CyberWire Daily: "A new stealer hiding behind AI hype." [Research Saturday]

Episode Overview

Key Discussion Points & Insights

1. Discovery of Noodle File Stealer

[02:19]

The campaign was first identified after its execution on a Morphisec client’s network.
Initial investigation revealed the malware was spread via compromised AI video frameworks.

"We are starting to basically investigate and look back which actually discovered... a full chain of AI frameworks compromised."
— Michael Gorlick (02:19)

2. Technical Anatomy & Delivery Techniques

[03:15]

Noodle File Stealer is notable for its advanced and rare delivery:
- Delivered in-memory via Python, using base85 encoding (as opposed to the more common base64).
- Maintains a small on-system footprint to evade detection.
Main functions:
- Steals browser data, crypto wallets.
- Can deploy remote access trojans (RATs) like X Worm.

Delivery Workflow

[04:11]

Victims download archives (zip/rar) from what appear to be AI video platforms.
Archives include decoy files (e.g., “invoice.pdf”), but these are heavily disguised executable payloads.
Hidden directories and modified headers thwart simple scans; unpacking/decryption occurs via a loader, which renames and executes Python-compiled executables.

"Those files... are not really invoices or not really documents. They basically are advanced archive files with a bunch of different executables... with modified headers to avoid... simple scanning..."
— Michael Gorlick (04:11)

3. Social Engineering: Fake AI Video Generation Platforms

[07:05]

Attackers exploit the AI gold rush:
- Fake AI video platforms (e.g., “Lumadream”, “Dream AI”) mimic real ones (e.g., “Luma Labs”).
- Facebook pages advertising these platforms often have more followers than legitimate counterparts, with similar or even verified-like branding.
- Users are lured via ads offering appealing features (e.g., aging a photo to show how a child would grow up).
Key social engineering cues:
- Malicious platforms allow instant downloads (legitimate require signup).
- Both real and fake sites use low-cost SSL certificates (e.g., Let’s Encrypt), making reputation checks unreliable.

"...all of them using a very similar template... their amount of followers is even higher than the original... You get to the point where, hey, I don't know if it's legitimate or not and I don't have anyone to trust."
— Michael Gorlick (07:15)

4. Victim Workflow: Step-by-Step Infection

[13:11]

User clicks AI video ad (often on Facebook).
Redirected to a professionally designed site that closely mirrors legitimate AI platforms.
Prompts download of a large archive (typically via “Script.js”).
Archive contains visible decoy files and hidden folders with malicious executables.
- Less tech-savvy users may not see the hidden content.
- Execution triggers malware deployment.

"...whether you upload your images, just trying something for free, there are different control flows... it’s always the same archive and... a heavy one."
— Michael Gorlick (13:11)

5. Challenges of Detection

[15:22]

Archive-based delivery complicates both perimeter and endpoint detection.
Embedding executables in archives with non-standard headers bypasses basic scanning tools (e.g., Windows Defender, SmartScreen).
Advanced defenses (e.g., application control, robust endpoint protection) are more likely to catch it.

"...the archive, it's very easy to hide artifacts within... so as soon as it gets to your disk, it's actually quite challenging to detect by existing controls."
— Michael Gorlick (15:32)

Recommendation:
- Avoid downloading archives from unknown AI platforms.
- Rely only on signed, reputable software sources.

6. Technical Oddities & Attribution Notes

[17:52]

Malware uses two-layer decoding: base64 and base85; base85 is rare in malware, previously seen mainly in some Korean-linked attacks.
OSINT suggests possible ties to Taiwanese threat actors (unusual for this scale of campaign).
Often, X Worm RAT is delivered in tandem with the info stealer, enabling remote command execution and deeper system compromise.

"...they use a combination of base 64 and base 85, which is quite rare... we got to actors that are Taiwanese in this case, which is also a bit unique."
— Michael Gorlick (17:52)

7. Takeaways & Future Outlook

[20:16]

The real threat isn’t just malware innovation, but the evolving and highly effective delivery methods enabled by AI hype.
The current environment is reminiscent of the early “exploit kit” era (e.g., 2016), where new vectors abound and defenses struggle to keep pace.
Recommendations:
- Be highly skeptical of too-good-to-be-true AI platforms—especially those that don’t require sign-up or push archive downloads.
- Security controls will take time to adapt to these new methods; in the meantime, users and organizations must exercise caution.
- Carefully validate sources before downloading or uploading anything to such sites.

"At this moment I'm kind of not concerned with regard to the super advanced malware. I'm more concerned of the delivery techniques... it will take a year or two until security controls will adapt to this new delivery risk."
— Michael Gorlick (20:16)

Notable Quotes

"You get to the point where, hey, I don't know if it's legitimate or not and I don't have anyone to trust."
— Michael Gorlick (07:15)
"The real threat isn’t just malware innovation, but the evolving and highly effective delivery methods enabled by AI hype."
— Summed from Michael Gorlick’s remarks (20:16)

Key Timestamps

[02:19] – Discovery and investigation
[03:15] – Noodle File Stealer technical details
[04:11] – Delivery techniques & social engineering
[07:15] – Fake AI platform tactics on social media
[13:11] – Victim infection path
[15:32] – Detection and mitigation challenges
[17:52] – Malware decoding methods and actor attribution
[20:16] – High-level takeaways and user advice

wavePod

A new stealer hiding behind AI hype. [Research Saturday]

Powered by Wave AI

Summary

CyberWire Daily: "A new stealer hiding behind AI hype." [Research Saturday]

Episode Overview

Key Discussion Points & Insights

1. Discovery of Noodle File Stealer

2. Technical Anatomy & Delivery Techniques

Delivery Workflow

3. Social Engineering: Fake AI Video Generation Platforms

4. Victim Workflow: Step-by-Step Infection

5. Challenges of Detection

6. Technical Oddities & Attribution Notes

7. Takeaways & Future Outlook

Notable Quotes

Key Timestamps

Conclusion

Summary

CyberWire Daily: "A new stealer hiding behind AI hype." [Research Saturday]

Episode Overview

Key Discussion Points & Insights

1. Discovery of Noodle File Stealer

2. Technical Anatomy & Delivery Techniques

Delivery Workflow

3. Social Engineering: Fake AI Video Generation Platforms

4. Victim Workflow: Step-by-Step Infection

5. Challenges of Detection

6. Technical Oddities & Attribution Notes

7. Takeaways & Future Outlook

Notable Quotes

Key Timestamps

Conclusion