{"id":46121,"date":"2025-05-15T08:52:44","date_gmt":"2025-05-15T01:52:44","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=46121"},"modified":"2025-05-21T08:56:10","modified_gmt":"2025-05-21T01:56:10","slug":"hacker-loi-dung-trao-luu-ai-de-cai-ma-doc-chiem-tai-khoan-va-vi-tien-ao","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/hacker-loi-dung-trao-luu-ai-de-cai-ma-doc-chiem-tai-khoan-va-vi-tien-ao\/","title":{"rendered":"Hackers exploit the AI trend to install malware that hijacks accounts and cryptocurrency wallets"},"content":{"rendered":"<p><b>A sophisticated attack campaign is exploiting the AI wave to distribute malicious software. Specifically, the attackers create websites that impersonate AI video-generation platforms to lure users, but in reality they plant the Noodlophile Stealer malware, which had not been documented before, and the XWorm remote access trojan.<\/b><\/p>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1747189147490.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1747189147490-png.16992\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1747189147490.png\" src=\"https:\/\/whitehat.vn\/attachments\/1747189147490-png.16992\/\" alt=\"1747189147490.png\" width=\"640\" height=\"400\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<h2>Attack method: impersonating AI platforms to steal information<\/h2>\n<p>The campaign begins by promoting 
websites posing as AI tools through fake Facebook groups or highly viral posts (more than 62,000 views). Victims are invited to upload an image or video in order to receive an \u201cAI-generated video\u201d in return. However, that file is actually a ZIP archive containing a malicious executable named Video Dream MachineAI.mp4.exe. The file name is deliberately chosen to deceive users into believing it is an .mp4 video file, when in fact it is a 32-bit program written in C++ that runs malicious code when opened.<\/p>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" style=\"box-sizing: border-box; display: inline-block; max-width: 100%; cursor: pointer;\" title=\"1747188710063.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1747188710063-png.16991\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\" data-fancybox=\"lb-thread-18337\" data-caption=\"&lt;h4&gt;1747188710063.png&lt;\/h4&gt;&lt;p&gt;&lt;a href=&quot;https:&amp;#x2F;&amp;#x2F;whitehat.vn&amp;#x2F;threads&amp;#x2F;hacker-loi-dung-trao-luu-ai-de-cai-ma-doc-chiem-tai-khoan-va-vi-tien-ao.18337&amp;#x2F;#post-43825&quot; class=&quot;js-lightboxCloser&quot;&gt;WhiteHat Team \u00b7 14&amp;#x2F;05&amp;#x2F;2025 at 9:20 AM&lt;\/a&gt;&lt;\/p&gt;\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1747188710063.png\" src=\"https:\/\/whitehat.vn\/attachments\/1747188710063-png.16991\/\" alt=\"1747188710063.png\" width=\"1536\" height=\"845\" data-url=\"\" data-zoom-target=\"1\" 
\/><\/div>\n<p><i>Fake website (Image: Morphisec)<\/i><\/p><\/div>\n<h2><b>Noodlophile Stealer and XWorm<\/b><\/h2>\n<p>Noodlophile Stealer is a newly discovered information-stealing malware capable of collecting sensitive data such as login credentials and browser cookies, cryptocurrency wallets, login session tokens, and important files on the victim's machine. Notably, this malware communicates with the attacker through a Telegram bot, which provides anonymity and lets data be sent out covertly. According to the report, in the final stage of the attack Noodlophile Stealer was observed using a Telegram bot as its channel for control and for collecting stolen data, which significantly increases the difficulty of detection and its ability to stay hidden.<\/p>\n<p>In advanced variants, Noodlophile is bundled with XWorm, a modular remote access trojan (RAT) capable of:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">Local shellcode injection into system processes<\/li>\n<li data-xf-list-type=\"ul\">Hiding execution by PE hollowing into the RegAsm.exe process, allowing the malware to run without being detected<\/li>\n<li 
data-xf-list-type=\"ul\">Moving laterally and self-replicating within the internal network<\/li>\n<\/ul>\n<p>The malicious archive uses a multi-stage delivery architecture made up of a series of components designed to evade security analysis and covertly trigger the malware execution chain. Specifically:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\"><b>CapCut.exe<\/b>: A 140MB wrapper file written in C++ that contains embedded malicious .NET libraries.<\/li>\n<li data-xf-list-type=\"ul\"><b>AICore.dll<\/b>: A supporting control DLL exposing only a single function, used to trigger execution of the batch file.<\/li>\n<li data-xf-list-type=\"ul\"><b>Document.docx<\/b>: An executable .bat file disguised as a Word document, using FF FE encoding to defeat static analysis tools.<\/li>\n<li data-xf-list-type=\"ul\"><b>Document.pdf<\/b>: A Base64-encoded RAR file, disguised as a valid PDF to deceive users and scanning software.<\/li>\n<li data-xf-list-type=\"ul\"><b>meta (images.exe)<\/b>: A renamed WinRAR tool, used to extract the other payloads in the background (silent extraction) without user interaction.<\/li>\n<li 
data-xf-list-type=\"ul\"><b>Randomuser2025.txt<\/b>: A Python loader script with complex encoding that uses the exec() function to decode and execute the malicious code directly in memory (in-memory decoding).<\/li>\n<\/ul>\n<p>The attack ends with the execution of srchost.exe, a payload loader written in Python whose job is to inject the Noodlophile malware (and optionally XWorm) directly into memory, allowing the malware to operate silently without leaving traces on disk. According to the initial investigation, this campaign most likely originates from a Vietnamese developer operating on cybercrime black markets under a malware-as-a-service model, using the name Noodlophile and often bundled with account-takeover tools such as \u201cGet Cookie + Pass.\u201d<\/p>\n<h2><b>Recommendations<\/b><\/h2>\n<p>Given this situation, users need to be highly vigilant when visiting \u201cfree AI\u201d platforms of unknown origin, especially sites that ask them to download an executable file (.exe) after processing their content. 
This may be a sophisticated impersonation scheme aimed at spreading malware and stealing personal data or sensitive accounts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A sophisticated attack campaign is exploiting the AI wave to distribute malicious software. Specifically, the attackers create websites that impersonate AI video-generation platforms to lure users, but in reality they plant the Noodlophile Stealer malware, which had not been documented [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":46122,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-46121","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=46121"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46121\/revisions"}],"predecessor-version":[{"id":46123,"href":"https:\/\/a
ntoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46121\/revisions\/46123"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/46122"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=46121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=46121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=46121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}