Watch out for these fake software downloads

Jul 24 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that am become Death, the Destroyer of Cybercrime ???????????? #Oppenheimer

Today’s hottest cyber security stories:

  • ???? HotRat: new variant of AsyncRAT malware spreads via pirated software ????‍☠

  • ???? BundleBot malware masquerades as Google AI Chatbot and Utilities ????

  • ???? Amazon agrees to $25 million fine for Alexa child privacy violations ????

It’s a bit idioAsyncRATic ????????????

???? HotRat Malware Alert! ????

???? A new variant of the notorious AsyncRAT malware called "HotRat" is wreaking havoc across the internet! ????

This sneaky malware is being spread through free, pirated versions of popular software and games ????, including video editing tools ????, sound editing software ????, and even Microsoft Office! ????

???? The HotRat malware equips cyber attackers with a frightening array of capabilities, including stealing login credentials, swiping cryptocurrency wallets ????, capturing screens ????, logging keystrokes ⌨️, installing more malware, and even accessing or altering clipboard data! ????

???? Avast security researcher Martin a Milánek warns that this Trojan has been lurking since October 2022, with most infections found in countries like Thailand, Guyana, Libya, Suriname, Mali, Pakistan, Cambodia, South Africa, and India.

⚠️ How does it infect your system? The attackers bundle cracked software from torrent sites with a malicious AutoHotkey (AHK) script. This script deactivates antivirus solutions and unleashes the dreaded HotRat payload using a Visual Basic Script loader.

???? HotRat is no ordinary malware! It boasts nearly 20 commands, each executing a .NET module fetched from a remote server. This allows the attackers to continually update and enhance its features as they please.


To stay safe, avoid downloading cracked software. And remember, HotRat's success hinges on acquiring administrative privileges, so be extra cautious with granting permissions!

???? Let's all be cyber-savvy and protect ourselves from these dangers.

Stay vigilant and share this warning with your friends and family to keep everyone's digital lives secure!

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

BundleBottomline is: ALWAYS check the URL ⌨️????

???? Beware of BundleBot Malware! ????

???? Another new and stealthy malware, BundleBot, is causing trouble by exploiting .NET single-file deployment techniques to steal sensitive information from compromised systems! ???? Check Point has issued a report revealing its alarming behaviour.

???? BundleBot cleverly dodges static detection using the dotnet bundle (single-file) self-contained format. It often lurks behind Facebook Ads and compromised accounts, disguising itself as regular program utilities, AI tools, or games to lure victims. ????

???? The crafty scheme involves mimicking Google Bard, a popular AI chatbot, tricking victims into downloading a fake RAR archive ("Google_AI.rar") hosted on legitimate cloud storage platforms like Dropbox. Once opened, it unleashes the malicious executable file ("GoogleAI.exe").

???? The malware then incorporates a DLL file ("GoogleAI.dll") responsible for fetching a password-protected ZIP archive from Google Drive. Inside this archive, lies another .NET single-file, self-contained application ("RiotClientServices.exe") containing the BundleBot payload ("RiotClientServices.dll") and a command-and-control (C2) packet data serializer ("LirarySharing.dll").

???? BundleBot is designed to be tricky to analyse, using custom-made obfuscation and junk code. It can syphon data from web browsers, capture screenshots, steal Discord tokens, Telegram information, and even Facebook account details! ????

???? Check Point also detected a nearly identical second BundleBot sample, using HTTPS to send stolen information in the form of a ZIP archive to a remote server.

???? The use of Google Bard's allure is no surprise, as cybercriminals have been capitalising on AI tools' popularity to deceive users. Combining this with Facebook Ads and compromised accounts makes it even more dangerous.


Stay vigilant and be cautious when downloading files from unfamiliar sources. Share this warning with friends and family to help protect everyone from this cunning malware. ???? Let's keep our digital world safe! ????️

????️ Extra, Extra! Read all about it ????️

Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ???? The MoneyFitt Morning: A daily heads-up on what's important in investing & business. Loved by investors of all levels.

  • ???? Discover new markets and ideas. Join 55,248 founders using this free newsletter to stay ahead.

  • ???? The API Hacker Inner Circle: Join a community of developers, testers, and hackers who are upskilling their API hacking tradecraft

    Let us know what you think!

Amazon: Alexa make a deal ????????????

???? Amazon Fined $25 Million Over Alexa Privacy Violations! ????

????️ The U.S. Justice Department and the Federal Trade Commission (FTC) have reached a settlement with Amazon, where the tech giant will pay a $25 million fine. The charges stem from alleged violations of children's privacy laws related to its Alexa voice assistant service ????️‍♀️.

???? Since May 2018, Amazon has offered Alexa voice-activated products and services targeted at children under 13. However, in May 2023, the FTC and DOJ filed charges against the company for breaching children's privacy laws, including the FTC Act and the Children's Online Privacy Protection Act (COPPA).

???? The charges were brought after Amazon failed to comply with parents' requests to delete their children's voice recordings and geolocation information. The complaint revealed that Amazon retained the transcripts of these recordings, without disclosing it, in violation of COPPA.

???? Instead of promptly deleting users' voice data and geolocation information upon request, Amazon chose to keep the data for potential use, which was also found to be in violation of the law.

???? Additionally, Amazon's subsidiary, Ring, is also facing a $5 million fine for its own privacy-related issues.

???? Let this serve as a reminder for companies to prioritise users' privacy and comply with applicable laws to ensure a safe and secure digital environment for everyone. ????

Follow Google’s example: “Don’t be evil!” Oh wait, they discontinued that slogan, didn't they? ????

So long and thanks for reading all the phish!

Recent articles