While there are many free AI image and video generators available, some can pose significant risks. Using the wrong AI video generator might result in inadvertently downloading malware along with your media.
AI Video Generators May Spread Malware
Recently, a new type of malware known as Noodlophile has been discovered lurking within counterfeit AI video generators. Security experts from Morphisec revealed that these deceptive websites often use enticing names like “Dream Machine” and promote their offerings in Facebook groups to draw in unsuspecting users.
These sites typically prompt users to upload a sample image, which their AI claims to convert into a video. The final product is offered as a downloadable ZIP file. If file name extensions are hidden in Windows File Explorer (the default setting), the file inside might appear to be an MP4 video at first glance. However, it's actually an executable file disguised as a legitimate version of CapCut (version 445.0). This executable is even signed with a security certificate to avoid raising suspicion.
When you double-click the deceptive MP4 file to view the so-called AI-generated video, it launches CapCut and executes a background batch script. This script utilizes the legitimate Windows tool, certutil.exe, to extract a password-protected RAR archive disguised as a PDF. It also creates a new registry key in Windows, ensuring persistent access to your system.
A hidden Python script is then triggered, which loads the actual infostealer. This script checks if Avast antivirus is installed; if it is, the infostealer is injected into the RegAsm.exe process. If not, it loads directly into the system memory.
Once executed, Noodlophile can extract data from popular browsers like Chrome, Edge, Brave, Opera, and other Chromium-based options on your computer. If you have any cryptocurrency wallet extensions, those are targeted as well.
Investigators have discovered that Noodlophile is sometimes packaged with XWorm, a remote access trojan (RAT) that grants hackers administrative privileges on your machine, allowing them complete control or enabling the upload of additional malware.
All captured data is transmitted to a Telegram bot, which also functions as a command-and-control (C2) server for the infostealer, providing hackers with real-time access to the stolen information.
The best strategy to protect yourself from such malware is to steer clear of untrustworthy AI tools or suspicious websites. To help you get started, we have a list of reliable AI video generators available.
Additionally, I recommend enabling the display of file name extensions in Windows 11 so you can see the true nature of the files you are executing. Hackers often exploit hidden extensions by giving files a double extension to mislead users, especially since extension display is turned off by default in Windows.
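As an added illustration (not code from the article or from Morphisec), the following script triages a downloaded ZIP the way a defender would before opening it: it flags members whose name carries a double extension (a media name ending in an executable extension) and members whose content starts with a Windows executable or RAR header despite a benign-looking extension, which are the two disguises described above. The archive it inspects is constructed inline with a harmless "MZ" stub and a RAR header, so it runs offline; the file names are made up.

```python
import io
import zipfile

# Magic bytes of the formats the article says were disguised: a Windows
# executable (PE) starts with "MZ", a RAR archive with "Rar!\x1a\x07".
MAGIC = {b"MZ": "Windows executable", b"Rar!\x1a\x07": "RAR archive"}
BENIGN_EXTS = {".mp4", ".mov", ".pdf", ".jpg", ".png", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js"}

def classify_name(name):
    """Flag double extensions such as 'clip.mp4.exe'."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    if len(parts) >= 3:
        last, prev = "." + parts[-1], "." + parts[-2]
        if last in EXEC_EXTS and prev in BENIGN_EXTS:
            return [f"double extension: looks like {prev} but runs as {last}"]
    return []

def classify_content(name, head):
    """Flag file content whose magic bytes contradict a benign-looking extension."""
    ext = "." + name.lower().rsplit(".", 1)[-1] if "." in name else ""
    return [f"content is a {desc} but the name ends in {ext}"
            for magic, desc in MAGIC.items()
            if head.startswith(magic) and ext in BENIGN_EXTS]

def triage_zip(data):
    """Return {member: [findings]} for every suspicious member of a ZIP archive."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # only the header is needed for the magic check
            findings = classify_name(info.filename) + classify_content(info.filename, head)
            if findings:
                report[info.filename] = findings
    return report

def build_sample_zip():
    """Constructed sample, not a real download: a PE stub named like a video,
    a RAR header named like a PDF, and a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("dream_machine_result.mp4.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("notes.pdf", b"Rar!\x1a\x07\x01\x00" + b"\x00" * 10)
        zf.writestr("readme.txt", b"Thanks for using our AI video tool!")
    return buf.getvalue()
```

Calling `triage_zip(build_sample_zip())` reports the disguised executable and the disguised RAR archive and leaves the text file untouched; point `triage_zip` at the bytes of a real download to check it before extracting anything.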
Make sure to keep your operating system and antivirus software up-to-date. Avoid running files downloaded from unknown sources without proper scrutiny, and rely on legitimate, trustworthy web tools to stay safe.