The Cyber Security News

Bumblebee Malware Loader Has a Sting in the Tail

April 29, 2022

Researchers are warning of a new malware loader currently in use in the wild that appears to have supplanted the prolific BazarLoader.

Dubbed “Bumblebee,” the malware is being used by a number of threat groups that previously deployed BazarLoader and IcedID, according to Proofpoint. The vendor said it had not observed BazarLoader since February 2022.

“Bumblebee is an innovative downloader containing anti-virtualization checks and a distinctive implementation of common downloader abilities, in spite of it being so early in the malware’s improvement,” Proofpoint explained.

“Bumblebee’s objective is to obtain and execute supplemental payloads. Proofpoint researchers noticed Bumblebee dropping Cobalt Strike, shellcode, Sliver and Meterpreter. The malware title comes from the distinctive user agent ‘bumblebee’ used in early strategies.”

The malware itself has been linked to the Conti ransomware group, though it is being used mainly by initial access brokers, according to the report.

It’s possible that development of Bumblebee began after BazarLoader infrastructure was identified in the large trove of internal information on the Conti group leaked by a researcher earlier this year.

Proofpoint said it had observed several email campaigns run by at least a few threat actors using custom lures to trick users into downloading Bumblebee. One of these used DocuSign-branded phishing emails and was traced back to TA579, which had previously used BazarLoader and IcedID.

Researchers said there are also many similarities between the loader and the infamous TrickBot malware in terms of its code, how it is delivered, its payloads and its evasion techniques.

As BazarLoader was used in Conti attacks in the past, Bumblebee is likely to become a popular tool for ransomware groups.

“The introduction of the Bumblebee loader to the crimeware menace landscape and its obvious alternative for BazarLoader demonstrates the flexibility danger actors have to promptly change TTPs and adopt new malware,” warned Proofpoint VP of threat research and detection, Sherrod DeGrippo.

“Additionally, the malware is really complex, and demonstrates currently being in ongoing, energetic advancement, introducing new approaches of evading detection.”


Some parts of this article are sourced from:
www.infosecurity-journal.com
