NEWS Hackers were so offended by the revelation that they flooded antivirus software with millions of Vietnamese curse words.

pinkman

A new wave of attacks on AI service users has been detected.
The creators of the Noodlophile malware appear to have reacted sensitively to the revelations about their activities. After researchers dissected their tool in detail, the authors decided to respond in a unique way, attempting to both retaliate and confuse automated analysis systems.

Noodlophile was first discovered in May 2025. The program was found hiding behind fake AI-powered video creation services that were actively promoted on Facebook. The attackers artificially inflated the popularity of the pages to gain trust, then offered downloadable archives containing supposedly useful tools. The archives turned out to contain an information stealer that harvested user accounts, cryptocurrency wallet contents, and other data, then sent it via bots to Telegram.

Google Cloud specialists later reported that Vietnam-linked actors tracked under the name UNC6229 had changed their tactics. Instead of fake services, they began posting fake job postings. Victims include job seekers, students, and digital marketing specialists. Under the guise of a questionnaire or test assignment, people are asked to download a file containing a remote access Trojan. Analysis of the new version revealed a multi-stage infection scheme, library loading via DLL substitution, and the use of Telegram for command and control, linking the campaign to the same Vietnamese milieu as Noodlophile.

The authors' response to the publicity was the most curious part. In the new samples, they added millions of repetitions of an offensive phrase in Vietnamese addressed to Morphisec. This not only expresses frustration at the thwarted attacks but also inflates the file size. It also breaks analysis tools that parse Python bytecode with Python's standard dis module, since such tools simply crash on the sheer volume of data.

The same attackers are also credited with posting tips on Facebook for encrypting Python code so that automated systems have a harder time parsing it. They appear to be closely monitoring analysis of their code and attempting to patch whatever weaknesses researchers expose.

Other changes were also found in the latest samples. The developers used the classic djb2 hashing algorithm in the function loader, which lets the malware resolve system call addresses dynamically instead of naming them. The malware verifies its own digital signature and terminates if it detects interference from debugging or analysis tools. The command file, aptly named Chingchong.cmd, is now additionally encrypted with the RC4 algorithm. Several lines of code have been obscured with an exclusive-OR operation to complicate signature matching.
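Hash-based function resolution like the djb2 scheme described above leaves analysts with bare 32-bit values in place of API names. The helper below is an added example, not code from the article or from Noodlophile itself: it precomputes classic djb2 hashes over a constructed list of API names so that hashes pulled from a sample can be mapped back to names. The exact variant the malware uses (case handling, ASCII encoding, 32-bit wrap) is an assumption here.

```python
# Added analyst-side example (not from the article or the malware): reverse
# "classic djb2" API hashes back to names using a precomputed lookup table.
# Assumes the loader hashes ASCII names with the Bernstein h = h*33 + c variant,
# truncated to 32 bits; adjust djb2() if a sample uses a different variant.
from typing import Dict, Iterable, List, Optional, Tuple


def djb2(name: str) -> int:
    """Classic djb2: start at 5381, h = (h << 5) + h + c per byte, 32-bit wrap."""
    h = 5381
    for byte in name.encode("ascii"):
        h = ((h << 5) + h + byte) & 0xFFFFFFFF
    return h


def build_hash_table(api_names: Iterable[str]) -> Dict[int, str]:
    """Map hash -> API name; refuse silently ambiguous tables on collision."""
    table: Dict[int, str] = {}
    for name in api_names:
        h = djb2(name)
        if h in table and table[h] != name:
            raise ValueError(f"djb2 collision: {name!r} vs {table[h]!r}")
        table[h] = name
    return table


# Constructed sample of exports; in practice load these from the DLLs of interest.
SAMPLE_APIS = [
    "LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualProtect",
    "CreateRemoteThread", "WriteProcessMemory", "NtAllocateVirtualMemory",
]
HASH_TABLE = build_hash_table(SAMPLE_APIS)


def resolve_hash(h: int, table: Dict[int, str] = HASH_TABLE) -> Optional[str]:
    """Return the API name for a 32-bit hash, or None if it is not in the table."""
    return table.get(h & 0xFFFFFFFF)


def annotate_hashes(hashes: Iterable[int],
                    table: Dict[int, str] = HASH_TABLE) -> List[Tuple[int, Optional[str]]]:
    """Pair each observed hash with its resolved name, as for disassembly comments."""
    return [(h, resolve_hash(h, table)) for h in hashes]


if __name__ == "__main__":
    # Constructed "observed" values: derived from names here so the demo runs offline.
    observed = [djb2("VirtualAlloc"), djb2("CreateRemoteThread"), 0xDEADBEEF]
    for h, name in annotate_hashes(observed):
        print(f"0x{h:08x} -> {name or '<unknown>'}")
```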

The story shows that attackers not only distribute malware but also actively adapt to the way researchers publish information about them. Those looking for work or trying new AI-powered services should exercise caution and carefully check the sources of any files. Information security specialists will also need to account for the new techniques Noodlophile's authors use to defeat automated code analysis.