Security News > 2023 > July > Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities
"BundleBot is abusing the dotnet bundle, self-contained format that results in very low or no static detection at all," Check Point said in a report published this week, adding it is "Commonly distributed via Facebook Ads and compromised accounts leading to websites masquerading as regular program utilities, AI tools, and games."
NET single-file, self-contained application that, in turn, incorporates a DLL file, whose responsibility is to fetch a password-protected ZIP archive from Google Drive.
"The delivering method via Facebook Ads and compromised accounts is something that has been abused by threat actors for a while, still combining it with one of the capabilities of the revealed malware could serve as a tricky self-feeding routine," the company noted.
The development comes as Malwarebytes uncovered a new campaign that employs sponsored posts and compromised verified accounts that impersonate Facebook Ads Manager to entice users into downloading rogue Google Chrome extensions that are designed to steal Facebook login information.
Users who click on the embedded link are prompted to download a RAR archive file containing an MSI installer file that, for its part, launches a batch script to spawn a new Google Chrome window with the malicious extension loaded using the "-load-extension" flag -.
"That custom extension is cleverly disguised as Google Translate and is considered 'Unpacked' because it was loaded from the local computer, rather than the Chrome Web Store," Jérôme Segura, director of threat intelligence at Malwarebytes, explained, noting it is "Entirely focused on Facebook and grabbing important pieces of information that could allow an attacker to log into accounts."
News URL
https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html
Related news
- Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malware (source)
- Google: Gemini AI for Android processes sensitive data locally (source)
- Google says it's focusing on privacy with Gemini AI on Android (source)
- Azure domains and Google abused to spread disinformation and malware (source)
- Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign (source)
- New Voldemort malware abuses Google Sheets to store stolen data (source)
- Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe (source)
- EU kicks off an inquiry into Google's AI model (source)
- Malware locks browser in kiosk mode to steal Google credentials (source)
- Google Cloud Document AI flaw (still) allows data theft despite bounty payout (source)