New BundleBot malware emerges

Malicious Facebook ads and compromised accounts that redirect to fraudulent websites for artificial intelligence tools, program utilities, and games have been used to distribute the novel BundleBot malware, which is packaged as a .NET single-file, self-contained bundle to evade detection while stealthily exfiltrating browser, Telegram, and Facebook data, as well as Discord tokens, The Hacker News reports. Threat actors have used fake Google Bard websites to lure targets into downloading a RAR archive containing a .NET executable that, once run, retrieves a password-protected ZIP archive from Google Drive, according to a Check Point report. The ZIP archive holds the BundleBot .NET bundle along with a command-and-control data serializer. Another BundleBot variant that exfiltrates data over HTTPS has also been observed. "The delivering method via Facebook Ads and compromised accounts is something that has been abused by threat actors for a while, still combining it with one of the capabilities of the revealed malware (to steal a victim's Facebook account information) could serve as a tricky self-feeding routine," said Check Point.
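The single-file packaging that BundleBot relies on has a fixed, documented layout, which makes it easy to spot during triage. The following is an added example, not code from SC Media, The Hacker News or the Check Point report, and it runs against a constructed stand-in rather than a BundleBot sample. It locates the .NET bundle marker, distinguishes a real single-file bundle from an ordinary apphost (both carry the marker, but only a bundle has a nonzero manifest offset), parses the manifest to list the embedded files, and pulls one of them out. Field layout follows the public dotnet/runtime bundler sources; the sample bytes, bundle ID and file name are invented for the demonstration.

```python
import hashlib
import struct
import zlib

# Every apphost-based .NET executable carries a 40-byte marker: an 8-byte
# little-endian offset to the bundle manifest, immediately followed by
# SHA-256(".net core bundle"). A plain apphost leaves the offset at 0; the
# single-file bundler patches it when it appends the payload and manifest.
BUNDLE_SIGNATURE = hashlib.sha256(b".net core bundle").digest()

# FileType enum used by manifest entries.
FILE_TYPES = {0: "Unknown", 1: "Assembly", 2: "NativeBinary",
              3: "DepsJson", 4: "RuntimeConfigJson", 5: "Symbols"}


def find_bundle_header(data: bytes):
    """Return the manifest offset (> 0) for a single-file bundle, 0 when the
    marker exists but is unpopulated (ordinary apphost), None when absent."""
    idx = data.find(BUNDLE_SIGNATURE)
    if idx < 8:
        return None
    (offset,) = struct.unpack_from("<Q", data, idx - 8)
    return offset


def _read_7bit_int(data: bytes, pos: int):
    """BinaryReader.Read7BitEncodedInt: length prefix for manifest strings."""
    value, shift = 0, 0
    while True:
        b = data[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7


def _read_string(data: bytes, pos: int):
    length, pos = _read_7bit_int(data, pos)
    return data[pos:pos + length].decode("utf-8"), pos + length


def parse_manifest(data: bytes, offset: int) -> dict:
    """Parse the manifest at `offset` (layout per dotnet/runtime Manifest.cs and
    FileEntry.cs; major version 1 = .NET Core 3.x, 2 = .NET 5, 6 = .NET 6+)."""
    major, minor, count = struct.unpack_from("<IIi", data, offset)
    pos = offset + 12
    bundle_id, pos = _read_string(data, pos)
    if major >= 2:
        pos += 5 * 8  # deps.json / runtimeconfig.json offset+size pairs, flags
    files = []
    for _ in range(count):
        file_off, size = struct.unpack_from("<qq", data, pos)
        pos += 16
        compressed = 0
        if major >= 6:
            (compressed,) = struct.unpack_from("<q", data, pos)
            pos += 8
        ftype = data[pos]
        pos += 1
        path, pos = _read_string(data, pos)
        files.append({"path": path, "offset": file_off, "size": size,
                      "compressed_size": compressed,
                      "type": FILE_TYPES.get(ftype, f"Unknown({ftype})")})
    return {"major": major, "minor": minor, "bundle_id": bundle_id, "files": files}


def extract_file(data: bytes, entry: dict) -> bytes:
    """Return an embedded file's bytes; v6 entries may be raw-deflate compressed."""
    if entry["compressed_size"]:
        blob = data[entry["offset"]:entry["offset"] + entry["compressed_size"]]
        return zlib.decompress(blob, wbits=-15)
    return data[entry["offset"]:entry["offset"] + entry["size"]]


def _write_string(s: bytes) -> bytes:
    """BinaryWriter.Write(string) encoding, used only to build the sample."""
    n, out = len(s), bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out) + s


def build_sample_bundle() -> bytes:
    """Constructed stand-in for a bundled executable (not a real PE, not a
    BundleBot sample): fake host bytes carrying the marker, one embedded
    'assembly', then a v6 manifest whose offset is patched into the marker."""
    host = bytearray(b"MZ" + b"\x00" * 62 + b"<apphost code>" + b"\x00" * 8
                     + BUNDLE_SIGNATURE + b"\x00" * 16)
    marker_at = host.find(BUNDLE_SIGNATURE) - 8
    payload = b"<constructed assembly bytes>"
    file_off = len(host)
    blob = host + payload
    manifest_off = len(blob)
    manifest = struct.pack("<IIi", 6, 0, 1) + _write_string(b"constructed-bundle-id")
    manifest += struct.pack("<qqqqQ", 0, 0, 0, 0, 0)  # no deps/runtimeconfig, flags 0
    manifest += (struct.pack("<qqq", file_off, len(payload), 0)
                 + bytes([1]) + _write_string(b"app.dll"))
    blob += manifest
    struct.pack_into("<Q", blob, marker_at, manifest_off)
    return bytes(blob)


if __name__ == "__main__":
    sample = build_sample_bundle()
    hdr = find_bundle_header(sample)
    print("bundle manifest at", hdr)
    for f in parse_manifest(sample, hdr)["files"]:
        print(f["type"], f["path"], len(extract_file(sample, f)), "bytes")
```

On a real file, read the executable's bytes and pass them to `find_bundle_header`; treat only a nonzero offset as evidence of single-file bundling, since the signature by itself is present in every apphost-launched .NET application. Entries with a nonzero compressed size appear when the bundle was built with compression enabled, and the manifest's embedded file list (assemblies, native binaries, deps.json) is usually the quickest way to see what a bundle like this one actually carries before anything is executed.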
