Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities
Two recently discovered malware strains, BundleBot and a variant with similar features, have been found to operate stealthily by exploiting the .NET bundle format, which allows them to evade detection. BundleBot spreads through Facebook ads and compromised accounts that lead to phishing websites posing as legitimate programs, where victims download infected archives from cloud services. The malware can steal Discord tokens, Telegram and Facebook account information, browser data, and screenshots, all of which are then exfiltrated to remote servers. Check Point Research has analyzed these threats by reverse engineering the .NET bundle format.