Cybercriminals Use Fake AI Tools to Spread Crypto Wallet-Stealing Malware
By [Mr Author], CryptoInvestar
Cybercriminals are exploiting the growing popularity of artificial intelligence by using fake AI tools on social media to distribute a new strain of malware designed to steal cryptocurrency wallets and sensitive personal data.
The malware, known as Noodlophile, masquerades as legitimate AI image and video editing tools, luring unsuspecting users into downloading malicious files that compromise their devices.
According to cybersecurity firm Morphisec, the scam has been widely promoted through Facebook groups and viral social media campaigns, with individual posts reportedly reaching tens of thousands of views.
Deceptive AI Platforms
Unlike traditional phishing attacks or pirated software traps, this scheme employs convincing, AI-themed online platforms.
These sites, often bearing names such as Luma Dreammachine AI, Luma Dreammaching, and gratituluslibros, promise free AI-powered editing tools.
Users are encouraged to upload images or videos and download what appears to be an AI application, but is in fact a malware-laden ZIP archive.
Once opened, the file, typically named VideoDreamAI.zip, installs a Python-based payload that deploys the Noodlophile information stealer.
“The attackers have built slick-looking AI platforms to lure people in, exploiting interest in AI tools,” said Shmuel Uzan, a security researcher at Morphisec.
“It’s a subtle and dangerous shift away from old-school phishing tactics.”
Crypto Wallets and Credentials Targeted
Once installed, the malware silently harvests browser login details, cryptocurrency wallet information, and other sensitive data.
In some cases, it is also bundled with additional malicious software, such as XWorm, a remote access trojan that allows attackers to take greater control over compromised systems.

Suspected Vietnamese Origins
Morphisec’s investigation traced elements of the malware’s development to a GitHub profile claiming to belong to a “passionate Malware Developer from Vietnam,” reinforcing suspicions about the software’s Southeast Asian origins.
Authorities have long warned of the region’s active cybercrime landscape, with Southeast Asia frequently cited as a hotspot for malware distribution — particularly via platforms like Facebook.
A Growing Trend
This incident highlights an emerging trend where cybercriminals increasingly use AI-related branding and social media virality to ensnare victims.
The blending of AI hype with tried-and-tested malware delivery techniques presents fresh challenges for both users and cybersecurity professionals.
Experts advise users to remain cautious about downloading software promoted on social media and to verify the authenticity of platforms before sharing personal data or installing applications.