What happened?
On 27 May 2025, Mandiant reported that a group threat known as UNC6032 has recently been taking advantage of the current enthusiasm around the use of generative AI tools.
By placing malicious ads on social media, users who engaged with these posts were encouraged to click on links promoting purported AI-powered content creation services, such as videos, logos, and even full websites.
Upon redirection to the fraudulent site, users were prompted to upload their own images or videos under the pretence of using an AI service to create or edit content. At the final step, however, upon downloading their processed content the site delivers a ZIP file containing malware, such as, Noodlophile, Starkveil or XWorm. If run, the malware compromises the victim's device, logs keystrokes, and searches for password managers and digital wallets, covertly exfiltrating this data and feeding it back to the attacker.
Over 30 different websites mentioned in social media ads have been identified that collectively reached more than 2.3 million users.
Google's Threat Intelligence Group (GTIG) assesses UNC6032 to have associations with Vietnam, which is corroborated by language indicators and social media profiles referencing Noodlophile and other "Malware as a Service" schemes.
So what?
Cybercriminals are consistently developing new tactics to evade detection across multiple platforms. This campaign leverages a traditional technique to avoid human detection by creating a ZIP archive containing an executable with a double extension, such as ".mp4.exe", to conceal the true nature of the downloaded file, which is nothing new. What sets this campaign apart is its clever exploitation of AI as a social engineering lure.
Unlike older approaches that rely on concealing malicious content within pirated software or other such unscrupulous tools, this campaign targets a new audience: users across all business sectors keen on using AI to boost productivity legitimately.
How do I protect myself?
Users should be recommended to exercise caution when engaging with AI tools, verifying the legitimacy of any domains used prior to uploading or downloading any content.
Consider reducing your attack surface by configuring a Windows AppLocker policy or implementing application whitelisting to prevent any malicious payloads from being executed. While blacklisting is generally a less restrictive approach than whitelisting, this approach does not account for unidentified or newly emerging threats, especially considering the dynamic (and often ephemeral) nature of these applications.
To avoid falling foul of the UNC6032 campaign, you can find a list of Indicators of Compromise (IOCs) at the links below. This list includes domains hosting the aforementioned tools, file hashes, and IP addresses related to Command and Control (C2) traffic, which can be used to both configure alerting rules or review historic activity within your environment.
Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites
Threat Analysis: New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms