Noodlophile expanded copyright-infringement spear-phishing campaign
Campaign
Summary
The Noodlophile campaign has expanded its spear-phishing playbook, using copyright infringement notices to target enterprises across the U.S., Europe, Baltic countries, and APAC. The emails are tailored with reconnaissance details such as Facebook Page IDs and company ownership information, making the lure more convincing. The shift matters because the operation is delivering an information stealer through an increasingly evasive chain that uses Gmail, Dropbox, Telegram, and paste[.]rs to reduce detection and persistence.
Related Happenings
Albiriox Austrian-targeting distribution campaign
Campaign
First: 01.12.2025 10:45
Last: 01.12.2025 10:45
Sources 1
About this happening:
The **Albiriox** distribution campaign targeted **Austrian victims**, using **German-language SMS lures** and fake **Google Play Store** listings to deliver a dropper APK and enab...
UNK_SmudgedSerpent overlaps with TA453 TA455 and TA450 campaign expands across multiple victims
Campaign
First: 05.11.2025 18:00
Last: 05.11.2025 18:00
Sources 1
About this happening:
**UNK_SmudgedSerpent** is a **previously unknown** campaign that targeted **academics** and **foreign policy experts** focused on **Iran** and related policy issues between **June...
Bonvi Team DeliveryRAT Telegram distribution campaign targeting Russian Android users
Campaign
First: 03.11.2025 13:14
Last: 03.11.2025 13:14
Sources 1
About this happening:
The **Bonvi Team** distribution operation is actively pushing **DeliveryRAT** to **Russian Android device owners**, increasing the reach of a mobile malware scheme that relies on...
Raven Stealer infostealer distributed via underground forums and cracked software
Malware Activity
First: 17.09.2025 15:06
Last: 17.09.2025 15:06
Sources 1
About this happening:
The **Raven Stealer** infostealer is now being distributed through **underground forums** and **cracked software**, creating a theft risk for **Chromium-based browser** credential...
Timeline
- 18.08.2025 22:24 · 1 article
Expanded copyright-phishing campaign targets enterprises across multiple regions
Campaign Scope Update: Noodlophile operators target enterprises in the U.S., Europe, Baltic countries, and APAC with spear-phishing emails posing as copyright infringement notices, personalized with reconnaissance-derived details such as Facebook Page IDs and company ownership information. The delivery chain uses Gmail-sent messages, Dropbox-hosted ZIP or MSI installers, Haihaisoft PDF Reader DLL sideloading, Windows Registry persistence, and Telegram group descriptions to resolve payload hosting on paste[.]rs for the obfuscated Noodlophile stealer.
Sources:
- Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures — thehackernews.com — 18.08.2025 22:24