Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild
2022-04-28 21:53

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development.

"Threat actors using Bumblebee are associated with malware payloads that have been linked to follow-on ransomware campaigns," the researchers said.

Interestingly, the increased detection of the malware loader in the threat landscape corresponds to the disappearance, since February 2022, of deployments of BazaLoader, another popular loader developed by the makers of the now-defunct TrickBot gang, which has since been absorbed into Conti.

DAT files, with the Windows shortcut file executing the latter containing the Bumblebee downloader, before using it to deliver BazaLoader and IcedID malware.

It's not immediately clear if Bumblebee is the work of TrickBot actors and whether the leaks prompted the gang to abandon BazaLoader in favor of an entirely new malware.

"The introduction of the Bumblebee loader to the crimeware threat landscape and its apparent replacement for BazaLoader demonstrates the flexibility threat actors have to quickly shift TTPs and adopt new malware," Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, said.


News URL

https://thehackernews.com/2022/04/cybercriminals-using-new-malware-loader.html