Bumblebee malware loader emerges as Conti's BazarLoader fades
2022-04-29 05:17

A sophisticated malware loader dubbed Bumblebee is being used by at least three cybercriminal groups that have links to ransomware gangs, according to cybersecurity researchers.

Researchers with both Proofpoint and Cybereason found code similarities between Bumblebee and TrickBot's malware.

The ad giant's infosec researchers said Exotic Lily has links to Conti and Diavol, and used Bumblebee to launch large-scale phishing campaigns to gain initial access.

"From a threat research perspective, what makes this malware interesting is the fact that it was associated with the Conti ransomware group as one of the group's threat loaders," Eli Salem, malware researcher and threat hunter at Cybereason, wrote in a blog post.

Proofpoint threat researchers Kelsey Merriman and Pim Trouerbach reported they've seen Bumblebee used in three malicious email campaigns to drop the Cobalt Strike, Sliver and Meterpreter frameworks - tools used by security teams in organizations for training and penetration testing, but since weaponized by attackers.

The Proofpoint researchers said they are highly confident, "based on malware artefacts", that "all the tracked threat actors using Bumblebee are receiving it from the same source."
News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/29/bumblee-malware-conti-malware/