Weaponized Copyright Documents Used by Threat Actors to Target Key Employees with Noodlophile Stealer
gbhackers

The Noodlophile Stealer malware, initially uncovered in campaigns leveraging fake AI video generation platforms, has evolved into a targeted spear-phishing operation that weaponizes copyright infringement notices to infiltrate enterprises with substantial Facebook presences.
This updated variant, active for over a year, shifts from broad social media lures to highly personalized emails impersonating legal entities, incorporating reconnaissance-derived details such as specific Facebook Page IDs and company ownership data.
These phishing attempts, often dispatched from Gmail accounts to evade initial scrutiny, employ multilingual content, potentially AI-generated, in languages including English, Spanish, Polish, and Latvian, broadening their global reach across the US, Europe, Baltic regions, and APAC.

Exploit Enterprise Social Media Dependencies
By demanding urgent action on alleged violations, attackers pressure key employees or generic inboxes like info@ or support@ into downloading malicious payloads disguised as evidence files, such as “View Copyright Infringement Evidence.pdf.”

This approach mirrors past ...
Copyright of this story solely belongs to gbhackers.