Attackers are using spear-phishing emails, disguised as copyright infringement notices, to deliver the Noodlophile infostealer. The emails, tailored to businesses and enterprises, trick recipients into downloading a malicious ZIP or MSI file, which then executes disguised artifacts and deploys the stealer. The Noodlophile stealer retrieves data from target systems and web browsers, and newer versions contain placeholder functions for additional capabilities.