Malware emerging from AI Video generation tools

AI-generated video content is gaining popularity, particularly among younger audiences. However, this growing trend has also caught the attention of cybercriminals, who are now leveraging these platforms to distribute malicious software. One such threat that has recently emerged is the Noodlophile malware, an info-stealer with advanced capabilities to collect sensitive user data.

A recent investigation by cybersecurity researchers at Morphisec reveals that cybercriminals are actively developing and distributing AI video generation platforms with hidden malicious intent. While these platforms appear legitimate, their primary goal is to infect users’ devices with malware.

Hackers are using this tactic to generate income through two channels:

i.) Ad revenue from users engaging with the AI video platforms.

ii) Malware-as-a-service profits by distributing malware to a wider network of victims via these same platforms.

To lure users, these criminals promote fake AI tools — such as Luma Dreammachine AI, Luma Dreammachine, and gratislibros — across various social media channels.

It’s important for readers to understand that cybercriminals are constantly evolving their methods to sustain illicit revenue streams. When law enforcement cracks down on one avenue, these actors quickly pivot to new platforms and tactics to evade detection and continue their operations.

While authorities are working diligently to contain the spread of malware, their job becomes increasingly complex when such threats are embedded within widely-used applications and websites. Platforms that draw significant user attention are particularly difficult to regulate — a pattern seen over the years starting with piracy websites, then gaming platforms, followed by streaming services, and now, AI-powered tools promoted on social media.

Social media platforms — including X (formerly Twitter), Facebook, and Instagram — have long served as breeding grounds for such scams. These platforms are often used to distribute links to suspicious software or fake services designed to trick unsuspecting users.

To stay safe online, users should exercise caution:

a.) Avoid clicking on links that seem too good to be true or promise free, high-value services.

b.) Always download software and applications from reputable sources, such as official app stores.

c.) Remain vigilant when engaging with new technologies, especially those promoted via unverified social media accounts.