Security News > 2022 > April > New Bumblebee malware replaces Conti's BazarLoader in cyberattacks
A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads.
The emergence of Bumblebee in phishing campaigns in March coincides with a drop in using BazarLoader for delivering file-encrypting malware, researchers say.
Eli Salem, lead threat hunter and malware reverse engineer at Cybereason says that the deployment techniques for Bumblebee are the same as for BazarLoader and IcedID, both seen in the past deploying Conti ransomware.
"Threat actors using Bumblebee are associated with malware payloads that have been linked to follow-on ransomware campaigns" - Proofpoint.
The researchers detected another campaign in April that hijacked email threads to deliver the Bumblebee malware loader in replies to the target with an archived ISO attachment.
Malware researchers at cybersecurity companies Proofpoint and Cybereason analyzed Bumblebee and noticed similarities with the TrickBot malware in code, delivery methods, and dropped payloads.