Noodlophile infostealer delivery and Telegram staging activity
Malware Activity
Summary
Noodlophile is being delivered through spear-phishing, malicious links, and Telegram-based staging, putting enterprise endpoints at risk of credential theft and broader data loss. The latest activity matters because the payload is installed on victim devices and can harvest credentials, credit card information, and browser data across the US, Europe, Baltic countries, and APAC. The delivery chain also uses DLL sideloading and disguised archives to make detection harder.
Related Happenings
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
BADAUDIO first-stage downloader activity
Malware Activity
First: 21.11.2025 12:42
Last: 21.11.2025 12:42
Sources 1
About this happening:
The **BADAUDIO** malware is now documented as a **first-stage downloader** that can **decrypt and execute AES-encrypted payloads** from a hard-coded **C2 server**, increasing the...
Timeline
- 18.08.2025 23:28 · 1 article · 9mo ago
Morphisec releases Noodlophile copyright-complaint campaign analysis
Initial Disclosure
Morphisec released analysis of Noodlophile, a sophisticated infostealing campaign that uses bogus copyright complaints sent from Gmail and corporate Facebook pages to lure enterprise users into clicking malicious links, then abuses DLL sideloading in legitimate apps such as Haihaisoft PDF Reader and Excel converters, Dropbox links masked by TinyURL redirects, and Telegram-based staging to install an infostealer that harvests credentials, credit card information, web data, and system data from enterprise endpoints across the US, Europe, Baltic countries, and APAC.
- Noodlophile Stealer Hides Behind Bogus Copyright Complaints — www.darkreading.com — 18.08.2025 23:28