Using the wrong AI video maker could infect your PC with malware

There are many free AI video and image makers, but some can be extremely dangerous to use. If you use the wrong AI video maker, you will get malware along with it.

 

AI Video Generator Is Distributing Malware

A new piece of information-stealing malware called Noodlophile is hiding in fake AI video generators. Security researchers at Morphisec discovered the campaign and report that these fake sites use names like 'Dream Machine' and advertise their services in Facebook groups to attract more users.

The sites will ask you to upload a sample image that their AI will convert into a video and provide the result as a ZIP file for download. Since Windows doesn't show file extensions in File Explorer by default, most people will see the file as an MP4 video file at first glance. In reality, it's an executable file with a reused version of CapCut (version 445.0). The executable is also signed with a security certificate to avoid suspicion.

If you double-click the fake MP4 to view the AI-generated video you just downloaded, it will open CapCut and run a batch script in the background. The batch script uses the legitimate Windows tool certutil.exe to extract the password-protected RAR archive that masquerades as a PDF file. It also adds a new registry key to Windows to gain persistent access to your system.

Finally, another process is executed, running a hidden Python script that loads the actual info stealer. This script also checks to see if Avast antivirus is installed on the device. If so, the info stealer is injected into the RegAsm.exe process; if not, it is loaded into your system memory.

Once executed, Noodlophile can steal your browsing data from major browsers, including Google Chrome, Microsoft Edge, Brave, Opera, and other Chromium-based browsers you may have installed on your PC. If you have any cryptocurrency wallet extensions installed, they will also be raided.

Researchers found that in some cases, the Noodlophile infostealer is bundled with XWorm, a RAT (Remote Access Trojan) that gives hackers administrative rights on your system. They can then take control of the system or upload other malware freely.

All stolen data is sent back to a Telegram bot, which also serves as a command and control (C2) server for the information stealer. This also gives the hackers real-time access to the stolen data.

Be careful with free AI tools!

The best way to protect yourself from such malware is to simply avoid using shady AI tools or any websites you don't trust. TipsMake.com has a list of the best AI video makers to get you started.

You should enable file extensions in Windows 11 so you can see what type of file you're running. Hackers often add double extensions to files and rely on users not being able to see the actual file extension, simply because this Windows setting is disabled by default.
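The double-extension and masquerading tricks described above can be checked before anything in a downloaded ZIP is opened. The following is an added example, not code from the original article or from Morphisec: it lists ZIP members whose name hides an executable behind a media extension, or whose first bytes contradict the extension they claim. The extension lists, function names and sample file names are assumptions constructed for the demonstration.

```python
import io
import zipfile

# File types Windows runs on double-click, and the types a lure pretends to be.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".mp4", ".mov", ".avi", ".pdf", ".jpg", ".png", ".docx"}
# Leading bytes that contradict a media or document extension.
MAGIC = {b"MZ": "Windows executable", b"Rar!": "RAR archive"}


def audit_zip(zip_bytes):
    """Return (entry name, reason) pairs for suspicious members of a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Strip padding so "clip.mp4     .exe" is treated like "clip.mp4.exe".
            parts = info.filename.rsplit("/", 1)[-1].split(".")[1:]
            exts = ["." + p.strip().lower() for p in parts]
            final = exts[-1] if exts else ""
            if final in EXECUTABLE_EXTS and DECOY_EXTS.intersection(exts[:-1]):
                findings.append((info.filename, "double extension hides an executable"))
            elif final in DECOY_EXTS:
                with zf.open(info) as member:
                    head = member.read(4)
                for magic, label in MAGIC.items():
                    if head.startswith(magic):
                        findings.append((info.filename, f"named {final} but content is a {label}"))
    return findings


def build_sample():
    """Constructed ZIP for the demo; names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday_clip.mp4.exe", b"MZ\x90\x00constructed stub")
        zf.writestr("document.pdf", b"Rar!\x1a\x07\x00constructed stub")
        zf.writestr("real_clip.mp4", b"\x00\x00\x00\x18ftypmp42")
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in audit_zip(build_sample()):
        print(f"SUSPICIOUS {name}: {reason}")
```

A clean result only means these two tricks were not found; it does not show that the archive is safe.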

Keep your operating system and antivirus software up to date, don't run files you find randomly on the internet without checking, use legitimate and trustworthy web tools, and you'll be fine.
