Fake AI image generators advertised on Facebook are leading to a new infostealer called “Noodlophile,” Morphisec reported.

The Morphisec researchers discovered Facebook pages impersonating the legitimate text-to-video AI service Luma Dream Machine, which linked to fake websites promising free image-to-video AI generations.

One of the fake pages had nearly 4,000 followers, and one of the pages was “verified” with a blue checkmark, screenshots published by Morphisec show. Additionally, one of the posts advertising the fake video generator gained more than 62,000 views.

If a user uploaded an image to be converted into a video on one of these sites, the site would provide an archive download claiming to contain the AI video, which in reality held a malicious executable and a hidden folder containing other malicious files.

The initial executable was named “Video Dream MachineAI.mp4. exe” with a false video file extension and whitespace included to mask its true nature. The file is a modified version of the legitimate CapCut video editing tool and is signed with a certificate created using WinAuth, potentially helping the malware evade security alerts.

Once executed, this file sets off a multi-layered attack chain leveraging additional files from the hidden folder “5.0.0.1886.” The initial executable locates and executes a second executable titled “CapCut.exe,” which is a C++ wrapper embedded with a malicious .NET payload.

“CapCut.exe” is also embedded with about 275 portable executable (PE) files, inflating its size to 140 MB, which may help it better resemble a legitimate software application and evade static scanners, according to Morphisec.

“CapCut.exe” launches the malicious .NET component “CapCutLoader,” which confirms internet connectivity by pinging google.com up to 10 times and then imports the function wgom from the file “AICore.dll.” The wgom function facilitates the execution of command-line functions, enabling the execution of “install.bat,” which “CapCutLoader” renames from its original title “Document.docx” prior to execution.

The obfuscated batch script, disguised as a Word document, performs a series of actions to establish persistence, hinder investigation and retrieve the final Noodlophile payload.

The script creates a new batch script “Explorer.bat” and registers it under the Run registry key to establish persistence. It uses a file called “srchost.exe” to execute Python code that retrieves another Python script, “Randomuser2025.txt,” from a remote URL. It then deletes itself and the extracted archive in an attempt to erase forensic traces of the attack, Morphisec explained.

The “Randomuser2025.txt” file dynamically decodes and loads the Noodlophile payload in memory, along with a Python-based loader called XWorm. “Randomuser2025.txt” also contains about 10,000 repeated instances of 1 / int(0) at the top of the file, which are designed to “break automated tools, especially those that attempt disassembly or bytecode analysis or AST parsers,” Morphisec security researcher Shmuel Uzan wrote.

The Noodlophile information-stealing malware harvests browser credentials, cookies, cryptocurrency wallet information and other sensitive information and tokens. It sends extracted information to the attacker via Telegram and is believed to be offered as malware-as-a-service (MaaS), based on Morphisec’s investigation into the malware’s developer.

The discovered attacks sometimes bundle Noodlophile with the XWorm dropper tool, which helps facilitate the infection by using a local shellcode loader function to directly execute donut code in memory and by performing PE hollowing targeting RegAsm.exe to inject the malware into the legitimate system process, but only if Avast tools are present, Morphisec noted.

As generative AI tools become more popular for both personal and business use, more fake AI tools are emerging to trick users into installing malware.
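The padded double extension described above (“Video Dream MachineAI.mp4. exe”) and the hidden “5.0.0.1886” folder are cheap tricks that a download or mail filter can catch before the archive reaches a user. The Python script below is an added example, not code from Morphisec or from the article: it scans a constructed archive listing and flags names whose honoured extension is executable but sits behind a decoy media or document extension or behind whitespace padding, and flags executables stored in a hidden folder. It goes slightly beyond the article by also checking for the Unicode right-to-left override character, a related name-reversal trick. The extension lists, the `is_hidden` flag and the listing itself are assumptions constructed for the example.

```python
import re

# Extensions Windows treats as executable when a user double-clicks the file.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js",
                   "jse", "wsf", "hta", "msi", "ps1", "lnk"}
# Media and document extensions a lure is likely to borrow as a decoy.
DECOY_EXTS = {"mp4", "mov", "avi", "mkv", "jpg", "jpeg", "png", "gif",
              "pdf", "doc", "docx", "xls", "xlsx", "txt"}
RLO = "\u202e"  # Unicode right-to-left override, used to visually reverse a name


def analyze_filename(name):
    """Return the reasons a file name looks like a disguised executable (empty if none)."""
    reasons = []
    if RLO in name:
        reasons.append("contains right-to-left override character")
    parts = name.split(".")
    if len(parts) < 2:
        return reasons
    raw_ext = parts[-1]
    real_ext = raw_ext.strip().lower()  # the extension Windows actually honours
    if raw_ext.strip() != raw_ext:
        reasons.append(f"whitespace padding around final extension {raw_ext!r}")
    if real_ext in EXECUTABLE_EXTS:
        # Any earlier dotted token that looks like media or a document is a decoy.
        decoys = [p.strip().lower() for p in parts[1:-1]
                  if p.strip().lower() in DECOY_EXTS]
        if decoys:
            reasons.append(f"executable .{real_ext} hidden behind decoy extension(s) {decoys}")
        if re.search(r" {5,}", name):
            reasons.append("long run of spaces pushes the real extension out of view")
    return reasons


def triage_listing(entries):
    """entries: iterable of (archive_path, is_hidden). Returns {path: [reasons]} for flagged items."""
    findings = {}
    for path, hidden in entries:
        base = path.rsplit("/", 1)[-1]
        reasons = analyze_filename(base)
        ext = base.rsplit(".", 1)[-1].strip().lower() if "." in base else ""
        if hidden and ext in EXECUTABLE_EXTS:
            reasons.append("executable stored in a hidden directory or with the hidden attribute")
        if reasons:
            findings[path] = reasons
    return findings


# Constructed listing modelled on the archive the article describes: a padded
# ".mp4. exe" lure at the top level plus a hidden version-number folder holding
# the next stage. The is_hidden flag is an assumption of this example.
SAMPLE_LISTING = [
    ("Video Dream MachineAI.mp4. exe", False),
    ("5.0.0.1886/CapCut.exe", True),
    ("5.0.0.1886/Document.docx", True),
    ("README.txt", False),
]

if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE_LISTING).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Note that “Document.docx” is not flagged by name alone, which matches the article: it is only renamed to a batch script at runtime, so a listing scan has to be paired with content inspection or execution monitoring to catch that stage.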
One recent campaign spreading malware known as TookPS used free installations of DeepSeek and other business tools as social engineering lures.

In another example, fake Python Package Index (PyPI) packages claiming to provide API access to ChatGPT and Claude led to the installation of the JarkaStealer infostealer malware in an attack discovered last year.
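The roughly 10,000 repeated `1 / int(0)` lines at the top of “Randomuser2025.txt” described earlier are padding, and an analyst's first step is usually to strip such padding and look at what remains. The Python triage script below is an added example, not Morphisec's tooling or anything taken from the campaign: it builds a constructed script of the same shape (thousands of identical lines followed by a small decode-and-run stub whose encoded text is a harmless print statement), removes any bare expression statement that repeats more than a threshold number of times, and then statically walks the remaining AST to list imports and dynamic-execution calls. Nothing in the sample is executed; the threshold, the stub and the list of suspicious call names are assumptions.

```python
import ast
import base64
from collections import Counter

# Constructed sample in the shape the article describes: thousands of identical
# "1 / int(0)" lines on top, then a small decode-and-run stub. The encoded text is
# a harmless print statement; nothing here is taken from the real campaign.
PADDING_LINE = "1 / int(0)"
_ENCODED = base64.b64encode(b"print('hello')").decode()
STUB = (
    "import base64, zlib\n"
    f"blob = base64.b64decode('{_ENCODED}')\n"
    "exec(blob)\n"
)
SAMPLE_SCRIPT = (PADDING_LINE + "\n") * 10_000 + STUB

PADDING_THRESHOLD = 50  # assumption: real code rarely repeats one bare expression this often
SUSPICIOUS_CALLS = {"exec", "eval", "compile", "__import__"}


def _is_bare_expression(line):
    """True if the line parses as a single expression statement (no assignment, no control flow)."""
    try:
        mod = ast.parse(line)
    except SyntaxError:
        return False
    return len(mod.body) == 1 and isinstance(mod.body[0], ast.Expr)


def strip_padding(source, threshold=PADDING_THRESHOLD):
    """Drop bare expression lines that repeat at least `threshold` times.

    Returns (cleaned_source, padding_statements, lines_removed)."""
    lines = source.splitlines()
    counts = Counter(line.strip() for line in lines if line.strip())
    padding = {text for text, n in counts.items()
               if n >= threshold and _is_bare_expression(text)}
    kept = [line for line in lines if line.strip() not in padding]
    return "\n".join(kept) + "\n", sorted(padding), len(lines) - len(kept)


def triage(source):
    """Strip padding, then statically summarise what the remaining script does."""
    cleaned, padding, removed = strip_padding(source)
    tree = ast.parse(cleaned)
    imports, dynamic_exec = set(), []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imports.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module)
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id in SUSPICIOUS_CALLS):
            dynamic_exec.append((node.func.id, node.lineno))
    return {
        "padding_statements": padding,
        "padding_lines_removed": removed,
        "remaining_lines": len(cleaned.splitlines()),
        "imports": sorted(imports),
        "dynamic_execution": sorted(dynamic_exec),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SCRIPT).items():
        print(f"{key}: {value}")
```

The bare-expression check is what keeps the stripper from deleting legitimately repeated lines such as `pass` or `return None`; only effect-free expression statements that recur in bulk are treated as padding, and the count removed is itself reported as an indicator, since a script that ships thousands of identical dead expressions is worth a closer look regardless of what follows them.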