Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities
"BundleBot is abusing the dotnet bundle, self-contained format that results in very low or no static detection at all," Check Point said in a report published this week, adding it is "commonly distributed via Facebook Ads and compromised accounts leading to websites masquerading as regular program utilities, AI tools, and games."
.NET single-file, self-contained application that, in turn, incorporates a DLL file, whose responsibility is to fetch a password-protected ZIP archive from Google Drive.
"The delivering method via Facebook Ads and compromised accounts is something that has been abused by threat actors for a while, still combining it with one of the capabilities of the revealed malware could serve as a tricky self-feeding routine," the company noted.
The development comes as Malwarebytes uncovered a new campaign that employs sponsored posts and compromised verified accounts that impersonate Facebook Ads Manager to entice users into downloading rogue Google Chrome extensions that are designed to steal Facebook login information.
Users who click on the embedded link are prompted to download a RAR archive file containing an MSI installer file that, for its part, launches a batch script to spawn a new Google Chrome window with the malicious extension loaded using the "--load-extension" flag.
"That custom extension is cleverly disguised as Google Translate and is considered 'Unpacked' because it was loaded from the local computer, rather than the Chrome Web Store," Jérôme Segura, director of threat intelligence at Malwarebytes, explained, noting it is "entirely focused on Facebook and grabbing important pieces of information that could allow an attacker to log into accounts."
News URL
https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html
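A defender-side check for the Chrome launch pattern described in the article above, added here as an example and not taken from the article, Check Point or Malwarebytes: it scans process-creation records for Chrome started with the load-extension switch and raises severity when the parent is a script host or installer, or the extension directory is user-writable. The record fields (`parent`, `image`, `cmdline`), the parent and directory lists, and every sample event are constructed assumptions.

```python
import ntpath
import re

# One or two leading dashes; the value may be quoted and may hold several
# comma-separated extension directories.
LOAD_EXT = re.compile(r'(?<!\S)-{1,2}load-extension=(?:"([^"]*)"|(\S+))', re.I)
SCRIPTED_PARENTS = {"cmd.exe", "msiexec.exe", "powershell.exe", "wscript.exe"}  # assumed list
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")  # assumed list

# Constructed process-creation records (hypothetical field names), not real telemetry.
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\System32\cmd.exe", "image": CHROME,
     "cmdline": r'chrome.exe --load-extension="C:\Users\Public\example_ext" --new-window'},
    {"parent": r"C:\Windows\explorer.exe", "image": CHROME,
     "cmdline": r'chrome.exe --profile-directory=Default'},
    {"parent": r"C:\Windows\explorer.exe", "image": CHROME,
     "cmdline": r'chrome.exe -load-extension=D:\dev\my-ext'},
    {"parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\notepad.exe",
     "cmdline": r'notepad.exe --load-extension=C:\Users\Public\example_ext'},
]

def check_event(event):
    """Return a finding dict for one process-creation record, or None."""
    if ntpath.basename(event["image"]).lower() != "chrome.exe":
        return None
    m = LOAD_EXT.search(event["cmdline"])
    if not m:
        return None
    paths = [p.strip() for p in (m.group(1) or m.group(2)).split(",") if p.strip()]
    reasons = ["unpacked extension loaded from command line"]
    if ntpath.basename(event["parent"]).lower() in SCRIPTED_PARENTS:
        reasons.append("launched by script host or installer")
    if any(w in p.lower() for p in paths for w in USER_WRITABLE):
        reasons.append("extension directory is user-writable")
    return {"paths": paths, "reasons": reasons,
            "severity": "high" if len(reasons) > 1 else "medium"}

def scan(events):
    """Return findings for every record that loads an unpacked extension."""
    return [f for f in map(check_event, events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["paths"], "; ".join(finding["reasons"]))
```

The medium-severity case is kept separate because developers legitimately load unpacked extensions; triage should start from the high-severity combination.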