Noodlophile Malware: A New Telegram-Backed Stealer Campaign
- 4 days ago
- 2 min read
Updated: 2 days ago
Cyber attackers continue to spread the malware named "Noodlophile" using new and much more insidious methods to steal the sensitive data of organizations worldwide. In this campaign, which specifically targets companies, fake "copyright infringement" notices have been utilized for over a year. To lure victims into a trap, attackers employ highly convincing phishing tactics by including companies' own Facebook page details and previously gathered information in the emails.

When the fake links in these emails (sent via Gmail to create a sense of urgency in the victims) are clicked, the malware is stealthily downloaded to the system. Once on the computer, it hides behind legitimate programs to evade security systems and antivirus programs. It even attempts to cover its tracks by using Telegram as its command infrastructure. Because it operates directly in the device's memory without leaving a persistent trace on the disk, this method is unfortunately highly successful in bypassing traditional security measures.

The threat posed by this malware, which currently steals mainly web browser data and collects system information, is growing continuously. Code reviews indicate that the software's developers are not sitting idle; much more destructive features, such as taking screenshots, logging keystrokes, and encrypting files, will be added in the near future. Companies with an active presence on social media are the primary targets of these attacks.
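
Because the stealer uses Telegram as its command infrastructure, one practical triage check is to look for Telegram-bound connections from processes that are not expected to make them. The script below is an added example, not part of the original article; the CSV log format, sample rows, process names and allowlist are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed endpoint network telemetry (host, process, destination); not real data.
SAMPLE_LOG = r"""timestamp,host,process_image,dest_host
2025-01-01T09:00:01Z,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,web.telegram.org
2025-01-01T09:02:10Z,WS-022,C:\Users\user1\AppData\Local\Temp\example_loader.exe,api.telegram.org
2025-01-01T09:07:10Z,WS-022,C:\Users\user1\AppData\Local\Temp\example_loader.exe,api.telegram.org
2025-01-01T09:08:00Z,WS-031,C:\Windows\System32\svchost.exe,updates.example.com
2025-01-01T09:09:30Z,WS-031,C:\Tools\sync.exe,api.telegram.org.cdn.example
2025-01-01T09:11:45Z,WS-040,C:\Users\user2\AppData\Roaming\Telegram Desktop\Telegram.exe,API.TELEGRAM.ORG.
"""

TELEGRAM_SUFFIXES = ("telegram.org", "t.me")
# Assumption: process names allowed to reach Telegram in this environment.
EXPECTED_PROCESSES = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


def is_telegram_host(host):
    """True only for Telegram domains and their subdomains, not lookalikes."""
    host = host.strip().lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TELEGRAM_SUFFIXES)


def process_name(image_path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return image_path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_unexpected_telegram_clients(log_text, expected=EXPECTED_PROCESSES):
    """Group Telegram-bound connections by (host, process) for unexpected processes."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        if not is_telegram_host(row["dest_host"]):
            continue
        proc = process_name(row["process_image"])
        if proc not in expected:
            hits[(row["host"], proc)].append((row["timestamp"], row["dest_host"]))
    return dict(hits)


if __name__ == "__main__":
    for (host, proc), events in find_unexpected_telegram_clients(SAMPLE_LOG).items():
        print(f"{host}: {proc} made {len(events)} Telegram connection(s)")
        for ts, dest in events:
            print(f"  {ts} -> {dest}")
```

The allowlist matches on process name only, so a hit is a lead for investigation rather than a verdict, and because the malware hides behind legitimate programs, an allowlisted name does not by itself clear a connection.
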

Some of the precautions we need to take to protect against these types of attacks include:
- Do not open emails from untrusted sources.
- Use multi-factor authentication (MFA).
- Keep your system updated to the latest version at all times.
- Monitor login logs regularly.
- Track the security of mobile devices.

For detailed information, you can reach out to our experts at info@zerosecond.ae




















