Fake AI Tools Used to Spread Noodlophile Malware

Date: May 12, 2025 | Author: Ravie Lakshmanan | Category: Malware / Artificial Intelligence


Overview

Threat actors are exploiting the growing interest in artificial intelligence (AI) by promoting fake AI-powered tools to distribute malware known as Noodlophile. This campaign has successfully targeted over 62,000 users through deceptive posts on social media platforms, particularly Facebook.

Methodology of the Attack

According to Morphisec researcher Shmuel Uzan, these malicious actors have shifted from traditional phishing methods to creating convincing AI-themed platforms. These platforms are often advertised through legitimate-looking Facebook groups and viral social media campaigns.

  • Target Audience: Users seeking AI tools for video and image editing.
  • Engagement: Some posts have garnered over 62,000 views, indicating significant interest.

Identified Fake Pages:

  • Luma Dreammachine AI
  • Luma Dreammachine
  • gratistuslibros

How the Malware Works

Users who engage with these posts are directed to links promoting AI-powered content creation services, such as video editing and logo design. One notable fake website masquerades as "CapCut AI," claiming to offer an all-in-one video editor with new AI features.

  1. User Interaction: Unsuspecting users upload their images or video prompts.
  2. Malicious Download: Instead of receiving the promised content, users download a malicious ZIP file named "VideoDreamAI.zip."
  3. Infection Chain:
    • The ZIP file contains a deceptive executable named "Video Dream MachineAI.mp4.exe."
    • This executable launches a legitimate binary associated with ByteDance's video editor, "CapCut.exe."
    • It then runs a .NET-based loader called CapCutLoader, which ultimately loads a Python payload ("srchost.exe") from a remote server.
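The lure relies on a double-extension filename: Windows Explorer hides known extensions by default, so "Video Dream MachineAI.mp4.exe" displays as a video. The scanner below is an added example (not code from Morphisec or from the article) that inspects ZIP member names for this pattern without extracting anything; the archive it builds is constructed test data, and only the lure's member name is taken from the report.

```python
"""Flag ZIP members whose names disguise an executable as a media file.

Windows Explorer hides known extensions by default, so a member named
"Video Dream MachineAI.mp4.exe" displays as an .mp4. This scanner reads only
the archive's central directory (nothing is extracted or executed).
The archive built by build_sample_archive() is constructed test data; only
the lure's member name comes from the report.
"""
from __future__ import annotations

import io
import zipfile

# Extensions Windows treats as directly runnable on double-click.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs",
                  ".vbe", ".js", ".jse", ".wsf", ".ps1", ".msi", ".hta", ".lnk"}
# Extensions a victim would expect on harmless downloaded content.
DECOY_EXT = {".mp4", ".mov", ".avi", ".mkv", ".mp3", ".jpg", ".jpeg", ".png",
             ".gif", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def member_extensions(name: str) -> list[str]:
    """Lower-cased dotted suffixes of the member's base name.
    ZIP writers mix '/' and '\\' separators, so both are handled."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    return ["." + p.lower() for p in parts[1:] if p]


def classify_member(name: str) -> str | None:
    """Return a verdict for a suspicious member name, or None if benign-looking."""
    exts = member_extensions(name)
    if not exts or exts[-1] not in EXECUTABLE_EXT:
        return None
    # A decoy extension before the real one is the deception pattern itself.
    if any(e in DECOY_EXT for e in exts[:-1]):
        return "double-extension executable"
    return "executable"


def scan_zip(data: bytes) -> dict[str, str]:
    """Map each suspicious member name in the archive to its verdict."""
    findings: dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_member(info.filename)
            if verdict is not None:
                findings[info.filename] = verdict
    return findings


def build_sample_archive() -> bytes:
    """Constructed archive mirroring the lure's layout; payloads are dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Video Dream MachineAI.mp4.exe", b"MZ dummy, not a real PE")
        zf.writestr("assets/preview.mp4", b"\x00\x00\x00\x18ftypisom")
        zf.writestr("README.txt", b"constructed benign file")
        zf.writestr("tools/setup.exe", b"MZ dummy, not a real PE")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample_archive()).items():
        print(f"{verdict:28} {member}")
```

A plain executable inside an archive is only noteworthy, while an executable hiding behind a media extension is the lure pattern itself, which is why the two verdicts are kept separate; a mail gateway or download scanner would typically quarantine the latter outright.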

Capabilities of Noodlophile Stealer

Once deployed, the Noodlophile Stealer can:

  • Harvest browser credentials
  • Extract cryptocurrency wallet information
  • Collect other sensitive data

In some cases, the malware is bundled with a remote access trojan, such as XWorm, providing attackers with entrenched access to infected systems.

Background on the Developer

The developer of Noodlophile is believed to be of Vietnamese origin, claiming on their GitHub profile to be a "passionate Malware Developer from Vietnam." The account was created on March 16, 2025. Vietnam has a notable cybercrime ecosystem, with a history of distributing various stealer malware families targeting platforms like Facebook.

Historical Context

The use of AI technologies as a lure for cybercriminal activities is not new. In 2023, Meta reported removing over 1,000 malicious URLs that exploited OpenAI's ChatGPT to propagate around 10 different malware families.

Related Threats

In a related development, cybersecurity firm CYFIRMA has reported on a new .NET-based stealer malware called PupkinStealer. This malware can exfiltrate a wide range of data from compromised Windows systems to an attacker-controlled Telegram bot. Notably, PupkinStealer operates without specific anti-analysis defenses, relying on straightforward execution and low-profile behavior to evade detection.

Türkiye Hackers Exploit Output Messenger Zero-Day to Deploy Golang Backdoors

Date: May 13, 2025 | Author: Ravie Lakshmanan | Category: Zero-Day / Vulnerability


Overview

A Türkiye-affiliated threat actor has exploited a zero-day vulnerability in the Indian enterprise communication platform Output Messenger as part of a cyber espionage campaign targeting Kurdish military entities in Iraq. This activity has been ongoing since April 2024.

Details of the Attack

The Microsoft Threat Intelligence team reported that the exploitation of this vulnerability has led to the collection of sensitive user data from targets associated with the Kurdish military. This operation is attributed to a threat group known as Marbled Dust (formerly Silicon), which is also referred to as Cosmic Wolf, Sea Turtle, Teal Kurma, and UNC1326.

  • Group Activity: Marbled Dust has been active since at least 2017, with documented attacks against public and private entities in the Middle East and North Africa starting in 2019.
  • Previous Targets: The group has previously targeted telecommunications, media, internet service providers (ISPs), IT service providers, and Kurdish websites in the Netherlands.

Exploited Vulnerability

The vulnerability in question is identified as CVE-2025-27920, a directory traversal flaw affecting Output Messenger version 2.0.62. This vulnerability allows remote attackers to access or execute arbitrary files. The developer, Srimax, addressed this issue with an update to version 2.0.63 in late December 2024, but did not acknowledge any exploitation in the wild in their advisory.
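The article describes the flaw only as a directory traversal that lets a remote attacker reach arbitrary files; it does not show Output Messenger's code. The following is an added example illustrating the defect class and its fix in generic Python, not Srimax's implementation: a path resolver that joins without a containment check beside one that canonicalises both sides and rejects anything that resolves outside the served directory. The directory tree it uses is constructed in a temporary location.

```python
"""Keeping a user-supplied file path inside a served directory.

CVE-2025-27920 is described as a directory traversal flaw; the report does
not show Output Messenger's code, so this is a generic illustration of the
defect class and its fix, not the vendor's implementation. The directory
tree is constructed in a temporary location by demo().
"""
from __future__ import annotations

import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the base directory."""


def resolve_unsafe(base: str, user_path: str) -> str:
    """The defect: joining and normalising without a containment check lets
    '..' segments, or an absolute user_path, escape the base directory."""
    return os.path.normpath(os.path.join(base, user_path))


def resolve_safe(base: str, user_path: str) -> Path:
    """Canonicalise both sides (following symlinks), then require the
    candidate to lie under base. Rejects '..' sequences, absolute paths and
    symlinks that point outside the served tree."""
    base_real = Path(base).resolve()
    candidate = (base_real / user_path).resolve()
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise PathTraversalError(f"{user_path!r} resolves outside {base_real}") from None
    return candidate


def demo() -> dict[str, bool]:
    """Exercise both resolvers against a constructed tree and report outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "served"
        (base / "videos").mkdir(parents=True)
        (base / "videos" / "intro.mp4").write_bytes(b"constructed sample")
        secret = Path(tmp) / "secret.txt"          # deliberately outside base
        secret.write_text("must not be reachable")

        results: dict[str, bool] = {}

        # Unsafe resolver: a single '..' walks out of the served directory.
        escaped = resolve_unsafe(str(base), "../secret.txt")
        results["unsafe_escapes_base"] = not escaped.startswith(str(base) + os.sep)

        # Safe resolver still serves legitimate relative paths.
        ok = resolve_safe(str(base), "videos/intro.mp4")
        results["safe_allows_normal"] = ok.read_bytes() == b"constructed sample"

        # Safe resolver rejects relative traversal, nested traversal and absolute paths.
        blocked = []
        for attempt in ("../secret.txt", "videos/../../secret.txt", str(secret)):
            try:
                resolve_safe(str(base), attempt)
                blocked.append(False)
            except PathTraversalError:
                blocked.append(True)
        results["safe_blocks_traversal"] = all(blocked)
        return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check:24} {'ok' if outcome else 'FAILED'}")
```

The containment test is done on fully resolved paths rather than on the raw string, so percent-decoded `..` segments, mixed separators and symlinks planted inside the served tree are all judged by where they actually land. Pairing the fix with a restricted service account closes the second half of the advisory's description: even a successful read stays limited to files that account can open.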

Attack Methodology

Initial Access: The threat actor gains access to the Output Messenger Server Manager application as an authenticated user. Techniques such as DNS hijacking or typosquatted domains are believed to be used to intercept authentication credentials.

Payload Deployment: Once access is obtained, the attacker collects Output Messenger credentials and exploits CVE-2025-27920 to drop malicious payloads:

  • Payloads: "OM.vbs" and "OMServerService.vbs" are placed in the server startup folder, while "OMServerService.exe" is dropped in the server's "Users/public/videos" directory.
  • Execution of Backdoors: The "OMServerService.vbs" script invokes "OM.vbs" and "OMServerService.exe." The latter is a Golang backdoor that connects to a hard-coded domain ("api.wordinfos[.]com") for data exfiltration.
  • Client-Side Execution: On the client side, the installer extracts and executes both the legitimate OutputMessenger.exe and another Golang backdoor, "OMClientService.exe," which connects to a Marbled Dust command-and-control (C2) domain.
  • Data Exfiltration: The backdoor performs a connectivity check via a GET request to the C2 domain. If successful, it sends a second GET request containing hostname information to uniquely identify the victim. The body of the C2's response is then passed to 'cmd /c' and executed as a command.

Additional Findings

Microsoft also identified a second vulnerability, CVE-2025-27921, a reflected cross-site scripting (XSS) flaw in the same version of Output Messenger. However, there is no evidence of this vulnerability being exploited in real-world attacks.

Conclusion

This attack marks a significant escalation in Marbled Dust's capabilities while maintaining their established operational approach. The successful exploitation of a zero-day vulnerability indicates an increase in technical sophistication and suggests that the group's targeting priorities may have intensified.

Copyright© 2025 INTERCEPTHUB. All rights reserved