A

You're listening to the Cyberwire network, powered by N2K. Welcome to a very special Thanksgiving encore of Research Saturday. This week we explored the Noodle File Stealer, a malware campaign disguised as AI video generation platforms spread through viral social media campaigns. It steals browser credentials, crypto wallets and can deploy remote access trojans like X Worm or. All while posing as legitimate software. Michael Gorlick, CTO of Morphisec explains how it works and why it's so hard to detect. We hope you enjoy this encore of Research Saturday. Thanks for listening and for those celebrating, have a safe and happy Thanksgiving.

B

From phishing to ransomware, cyber threats are constant. But with nordlayer, your defense can be too many. Nordlayer brings together secure access and advanced threat protection in a single seamless platform. It helps your team spot suspicious activity before it becomes a problem by blocking malicious links and scanning downloads in real time, preventing malware from reaching your network. It's quick to deploy, easy to scale and built on zero trust principles so only the right people get access to the right resources. Get 28% off on a yearly plan at nordlayer.com cyberwire daily with code CYBERWIRE28 that's nordlayer.com CyberWire Daily Code CYBERWIRE28 that's valid through December 10, 2025. Hello everyone and welcome to the Cyberwires Research Saturday. I'm Dave Buettner and this is weekly conversation with researchers and analysts tracking down the threats and vulnerabilities, solving some of the hard problems and protecting ourselves in our rapidly evolving cyberspace. Thanks for joining us.

C

So this is how we discovered basically the execution of the info steering the not layer, not the pile infosteller was executing actually on one of our medium sized customers. And then we are starting to basically investigate and look back which actually discovered, brought to the discovery of a full chain of AI frameworks compromised, which I'm sure we will be discussing right now.

B

That's Michael Gorlick, Chief Technology Officer at morphisec. The research we're discussing today is titled New Noodle File Stealer distributes via fake AI video generation platforms. Well, let's dig into it together here. What exactly is Noodle File Stealer and what are its primary functions?

C

Yeah, so this is very similar in a way to some of the other infrastructures. Delivery technique is, is quite advanced and relatively rare in which it was delivered through Python in memory with base 85 encoding which is kind of very different from base 64, the stereo itself. I guess the history of the browsers it can hijack Then intercept wallet credentials and more. But it's relatively minimal in a way to possibly avoid significant footprint on the endpoint.

B

And how would someone find themselves with this on their system? How does it infiltrate someone?

C

Yeah, so in this case the delivery technique is quite advanced and we are talking about the delivery and in our blog post we discovered just a delivery of an archive that was basically downloaded by the different victims and this archive and we'll get to the, you know, the AI framework, but starting from the download portion, if you download this archive, this archive basically included different files like Document PDF and others with additional hidden directory. If you download it actually today you will see that there are quite a lot of still those AI framework sites that also deliver archives. But this time you'll find invoices and other type of documents that can resonate very nicely in the way of social engineering. But those files, the document PDF or the invoice PDF or any of the other content files are not really invoices or not really documents. They basically are in advanced archive files with a bunch of different executables like we described in the blog itself and with the modified headers to avoid basically simple scanning of those files and bypass existing solutions so that eventually the first loader operation is the one to fix those headers back and eventually decrypt or unarchive some of the files by, you know, changing their names back from the PDF to RAR or zip or whatever, and then using a specific password, opening them and get to execute the next stage operation, which are the Python compiled executables, which is also an interesting stage by itself. But really we are talking about a significant archive with executables that are blown up of proportions of 150, 160, 170 megabytes, with many, let's say, advanced techniques. Until you get to those archive, you still have a couple of very advanced techniques that will execute for example Net code within a native executable, et cetera. It's quite advanced techniques to bypass simple interpretation, scanning, interpreted PowerShell, interpreted NET, sorry commands scanning.

B

So my understanding is that these folks are using fake AI video generation platforms to be a vector for the malware.

C

Yes, exactly. At least we intercepted, I think this was the most interesting thing. We intercepted a bunch of websites. But when we were investigating those AI framework websites, Lumadream, Dream AI, we got to a very popular Facebook Pages. There are a bunch of those Facebook pages that are still very much active. They're websites with high reputation delivering this malware and all of them using a very Similar template. And if you look on the websites, on the different websites, you'll see that their followers, their amount of followers is even higher than the regular, the original one, the original framework. So take for example legitimate framework called Luma Labs AI video generator framework. You see that the amount of followers there, like it's about 2.7 thousand of followers. And you have all kind of different screenshots there. In a way this platform is intended for you to upload your images and then see, see this platform generating video. Many of you probably saw those kind of advertisement of inputting or basically uploading your kid image and, and you, as a result you have an output of a video that shows how the kid becomes older and all those very interesting advertisements. So you have the same advertisement there. And I have non real malicious platforms here with three point something thousand followers, with 1.8 thousand followers, totally legit with like my Facebook mark Blue v Mark validated, fully pushing those malicious platform. And if you get to those platform, the difference between those malicious platform to the legitimate platforms is the fact that those malicious platform just allow you to download those example of videos, let's call it like that, for free, without going through the old signing operation, while the legitimate one is actually requires you to sign up for that, that thing. But if you go look even deeper and try to compare, okay, so maybe the SSL certificate are not good enough. Maybe there could be some issues. And you'll find that both the legitimate and non legitimate website are all using kind of very basic certificates like let's encrypt or something like that of that form. Which is funny, but not exactly. Because of the increase of those platforms, every second person creates something very cool today with using those tools, they go and sign their sites, websites with the most basic certificate they can get to. And there is no concept of high reputation, low reputation anymore. Right, because all of them are low reputation, legitimate. Since you get kind of to the point in which, hey, I don't know if it's legitimate or not and I don't have anyone to trust. If it's legit, I don't know.

B

We'll be right back.

A

At Thales, they secure what matters most. The most trusted companies and organizations utilize Thales cybersecurity products to protect critical applications, sensitive data and identities anywhere at scale. Through their innovative services and integrated platforms, Thales provides customers a greater visibility of risks, the ability to defend against cyber threats, close compliance gaps and deliver trusted digital experiences for billions of consumers every day. That's Talas T H A L E S. Learn more at CPL Talas Group.

B

What's your 2am Security worry? Is it do I have the right controls in place? Maybe are my vendors secure? Or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and fix filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows. Using AI to streamline evidence collection, flag risks and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep. Get started@vanta.com cyber that's V A N T A dot com cyber. So what happens once I engage with this fake AI video generation platform? So I'm on Facebook, I'm scrolling through as you do this catches my eye and I decide to play with it. What happens next in terms of it being able to take advantage of me and install the malware? How does it work?

C

Yeah, so you get from one of those like Facebook advertisement in which you see some kind of nice video, cool video. This leads you to a page with high reputation advertising, higher than the legitimate one. And at the core of the page and the main part of the page you have the link for the platform itself. Sometimes the link also comes from top buttons like Learn more automatically forwards your redirects you to that platform as soon as you get to the platform. The platform in a way is very similar to the legitimate platforms you can find in other places. Very cool design, looks very professional and many times leads to the same result of downloading some kind of archive file. So whether you upload your images just trying to something for free, there are different control flows, let's call it like that, different flows that will lead to the same malicious files called Script JS JavaScript file that eventually triggers the download of an archive. So you get to this download from different interactions with those malicious websites. It's always the same archive and different websites deliver different archives. It's always an archive though and quite a heavy one, right? And then from obviously downloading the archive you want to open it. And this archive when you just look at the zip or unarchive it, you will see only one file. But essentially this this archive has a hidden directory which has all those malicious component. Now if you use for example 7 zip and just open that archive without decrypting it, you will see that hidden folder. Most of the users unfortunately are not so sophisticated. They just open the zip and miss out on this hidden folder, which will be triggered by the executable.

B

What about detection here? I mean, what sort of challenges do security professionals face when trying to detect and mitigate something like noodle file?

C

Yeah, well, if it wouldn't be an archive that you would download, the detection would be simpler. You could detect that on the perimeter level. Many of the browsers and defender for cloud and different very basic filtering capabilities to identify those advanced.net overblown executables or misconfigured like RAR files. But the fact that you download an archive, the archive, it's very easy to hide artifacts within those archives. So as soon as it gets to your disk, it's actually quite challenging to detect by existing controls. So you need more sophisticated controls in place like ours for example. Or you can implement if you own a business and you can allow yourself to implement hardening capabilities like application controls and others, which basically do not allow you just to execute anything. And Even if your MP4 has some kind of lung spaces that leads to an execution of executable still will prevent that. So it's really dependent on the organization. For the regular users or innovators or those that are just interested to download something cool from those kind of platforms, I would really recommend not to download archives and if they get archives, just delete those. If this platform kind of Downloads you an MP4, you will be able to to trust at least your basic security controls that will identify that this is not an executable, it's an MP4, it's a video file. Your browser will not let you download executable without using a smart screen, which is the core technology that provided by Microsoft. But smart screen can be bypassed again by using archives.

B

So are there any particular technical elements of this that are worth sharing? Anything that caught your attention inside the malware itself?

C

I mean the malware itself really is one of the things that we identified as the way they used decrypt the Python code itself. They use a combination of base 64 and base 85, which is quite rare. We saw those kind of techniques in some of the GitHubs that were correlated to Korean attacks. We did follow the OSINT and got to actors that are Taiwanese in this case, which is also a bit of a unique. We don't see too many Taiwanese attack on this scale. So there were definitely, if we are looking on The Austin side, couple of interesting points, but again the base 85 decoding was for me, if we are looking on the info stealer, the most interesting, the Infostiller also and many times delivered in parallel with Iraq. In this case it was the X worm also delivered a very similar way by basically taking a base 64 and decoded that with base 85. This is double decoding. And then everyone knows what the XWarm rack obviously and it's extremely persistent and it's much beyond just stealing browser cookies, your history and wallets. That's a persistent, fully capable malware that can execute remote commands. And I would say in most of the cases of this Novihill delivery, we had that route delivered in parallel to the infosteeller. So definitely you would like to validate your network outbound communication. You would like to validate your persistency steps. You know the regular run keys, regular services, if no new services were generated, kind of the basic persistency validation, something that for sure I would validate.

B

What do you hope that people take away from this research that you've published? What are the take homes for you?

C

Yeah, I mean we'll always have sophisticated malwares. This is our job, right? I'm doing it 25 years and every time the hackers, the adversaries innovate in a crazy pace and with the AI they innovate even faster. You see new tactics, new techniques all the time. At this moment I'm kind of not concerned with regard to the super advanced malware. I'm more concerned of the delivery techniques as probably was sound from my small lecture. This is the time right now in which kind of reminds me the 2016 exploit kit times and the times when the wannacry appeared very non stable in a time where many new attack surfaces and new delivery techniques are possible and it will take a year or two until security controls will adapt to this new delivery risk and we'll find a solution to try and identify what is a legitimate AI framework and what is not. Until then I would recommend people not to hurry and download anything from those AI platforms, be extremely careful and validate everything that is downloaded. And where do you upload stuff as well. Many of them are generated by a simple person using the same AI tools that are available to anyone else.

B

Our thanks to Michael Gorlick for from Morphisec for joining us. The research is titled New Noodle File Stealer distributes via fake AI video generation platforms. We'll have a link in the show notes and that's research Saturday brought to you by N2K CyberWire. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights until the end of August. There's a link in the show notes. We hope you'll check it out. This episode was produced by Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here next time.