As the popularity of AI apps soars, the latest being Google’s Bard, it’s becoming clear that threat actors are taking advantage of that popularity.

The latest attack to be launched revolves around BundleBot, a new strain of malware that is as stealthy as it is dangerous. BundleBot is typically found lurking behind Facebook ads that promise to take you to websites offering AI utilities and games. These websites, however, are malicious. Users report that they are similar in design to Bard, but their main objective is to persuade visitors to download malicious files, most typically hosted on an external storage site such as Dropbox.

As we become more and more interested in AI, it’s important that we remain on guard against threats such as BundleBot, so let’s take a more in-depth look at what it is.

The Lowdown on BundleBot

Once the malicious file – a RAR archive often named Google_AI.rar – is downloaded and executed, the BundleBot campaign begins. Within this archive is an executable called GoogleAI.exe which, once run, retrieves a ZIP file (ADSNEW-1.0.0.3.zip). This ZIP file contains a further application named RiotClientServices.exe. That executable, by loading a .dll file, launches the BundleBot payload proper.
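
To show how the execution chain described above could be spotted in endpoint telemetry, here is an added example that is not from the original post: it scans constructed Sysmon-style process-creation records for RiotClientServices.exe launched beneath GoogleAI.exe or from outside the Riot client's install directory. The record format and the assumed install directory are illustrative assumptions, not values from the write-up.

```python
# Constructed sample of process-creation events (Sysmon Event ID 1 style),
# not real telemetry. Fields: pid, ppid, image path.
SAMPLE_EVENTS = """\
4012,1200,C:\\Program Files\\WinRAR\\WinRAR.exe
4100,4012,C:\\Users\\alice\\Downloads\\Google_AI\\GoogleAI.exe
4188,4100,C:\\Users\\alice\\AppData\\Local\\Temp\\ADSNEW-1.0.0.3\\RiotClientServices.exe
5200,1200,C:\\Riot Games\\Riot Client\\RiotClientServices.exe
"""

# File names taken from the write-up above. The legitimate install
# directory is an assumption, used to separate an impostor binary
# from a genuinely installed Riot client.
STAGE_ONE = "googleai.exe"
STAGE_TWO = "riotclientservices.exe"
EXPECTED_STAGE_TWO_DIR = "c:\\riot games\\"


def parse_events(text):
    """Map pid -> (ppid, image path) from the comma-separated records."""
    events = {}
    for line in text.strip().splitlines():
        pid, ppid, image = line.split(",", 2)
        events[int(pid)] = (int(ppid), image)
    return events


def ancestors(events, pid):
    """Yield the image path of pid and of every recorded ancestor of it."""
    seen = set()
    while pid in events and pid not in seen:
        seen.add(pid)
        ppid, image = events[pid]
        yield image
        pid = ppid


def find_bundlebot_chains(text):
    """Return pids of RiotClientServices.exe instances matching the lure chain."""
    events = parse_events(text)
    hits = []
    for pid, (ppid, image) in events.items():
        name = image.rsplit("\\", 1)[-1].lower()
        if name != STAGE_TWO:
            continue
        outside_install = not image.lower().startswith(EXPECTED_STAGE_TWO_DIR)
        lured = any(a.rsplit("\\", 1)[-1].lower() == STAGE_ONE
                    for a in ancestors(events, ppid))
        if outside_install or lured:
            hits.append(pid)
    return hits
```

Run against the sample, only the copy spawned under GoogleAI.exe from a Temp directory is flagged; the copy under the expected install path is left alone.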

Thanks to junk code built into BundleBot’s design, it is able to operate stealthily, beyond the notice of anti-malware software. While it remains hidden, BundleBot uses a command-and-control (C2) channel to steal sensitive data and transmit it to a remote location. The perpetrators behind BundleBot currently remain a mystery, but they are believed to be based in Vietnam, given the similar Vietnam-linked attacks launched through Facebook in recent months.

Staying Safe from BundleBot and Similar Threats

There is no definitive solution to a BundleBot infection at present, but there are plenty of ways you can protect your PCs from falling victim. Make sure that your organization enforces the following:

For more ways to secure and optimize your business technology, contact your local IT professionals.