
Weaponized Copyright Documents Used by Threat Actors to Target Key Employees with Noodlophile Stealer


The Noodlophile Stealer malware, initially uncovered in campaigns leveraging fake AI video generation platforms, has evolved into a targeted spear-phishing operation that weaponizes copyright infringement notices to infiltrate enterprises with substantial Facebook presences.

This updated variant, active for over a year, shifts from broad social media lures to highly personalized emails impersonating legal entities, incorporating reconnaissance-derived details such as specific Facebook Page IDs and company ownership data.

These phishing attempts, often dispatched from Gmail accounts to evade initial scrutiny, employ multilingual content, potentially AI-generated, in languages including English, Spanish, Polish, and Latvian, broadening their global reach across the US, Europe, Baltic regions, and APAC.

Phishing email

Exploit Enterprise Social Media Dependencies

By demanding urgent action on alleged violations, attackers pressure key employees or generic inboxes like info@ or support@ into downloading malicious payloads disguised as evidence files, such as “View Copyright Infringement Evidence.pdf.”
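The lure traits described above (Gmail sender, generic inbox recipient, copyright-infringement wording, a referenced Facebook Page ID, an "evidence" PDF name) can be combined into a simple mail-triage heuristic. This is an added example, not code from the original article; the regexes, the three-trait threshold and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Traits come from the article; regexes and threshold are assumptions.
GENERIC_INBOXES = {"info", "support"}
TEXT_TRAITS = {
    "copyright_lure": re.compile(r"copyright\s+(infringement|violation)", re.I),
    "page_id_reference": re.compile(r"facebook\s+page\D{0,40}\d{10,}", re.I),
    "evidence_file": re.compile(r"\bevidence\b[^\n]{0,30}\.pdf", re.I),
}

def lure_traits(raw):
    """Return the campaign traits present in one RFC 5322 message."""
    msg = message_from_string(raw)
    hits = []
    if parseaddr(msg.get("From", ""))[1].lower().endswith("@gmail.com"):
        hits.append("gmail_sender")
    rcpts = [addr for _, addr in getaddresses(msg.get_all("To", []))]
    if any(a.split("@")[0].lower() in GENERIC_INBOXES for a in rcpts):
        hits.append("generic_inbox")
    text = str(msg.get("Subject", "")) + "\n"
    for part in msg.walk():  # collect subject, text bodies, attachment names
        if part.get_filename():
            text += part.get_filename() + "\n"
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            text += body.decode(part.get_content_charset() or "utf-8", "replace")
    return hits + [n for n, rx in TEXT_TRAITS.items() if rx.search(text)]

def is_suspicious(raw, threshold=3):  # threshold is a hypothetical default
    return len(lure_traits(raw)) >= threshold

# Constructed sample messages (not taken from the campaign).
LURE_MSG = """From: Example Legal Dept <legal.notice.example@gmail.com>
To: info@company.example
Subject: Urgent: Copyright infringement on your page

Your Facebook Page (ID: 100000000000001) violates our client's rights.
Download: View Copyright Infringement Evidence.pdf
"""
BENIGN_MSG = """From: Jane Customer <jane.customer.example@gmail.com>
To: support@company.example
Subject: Question about my order

Hi, could you tell me when order 4412 will ship?
"""
```

Requiring several traits together keeps ordinary Gmail customers writing to support@ below the threshold, as the benign sample shows.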

Payload Analysis

This approach mirrors past ...


Copyright of this story solely belongs to gbhackers.