Google ads push BumbleBee malware used by ransomware gangs (Security News, April 2023)
The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.
Bumblebee is a malware loader discovered in April 2022, thought to have been developed by the Conti team as a replacement for the BazarLoader backdoor, used for gaining initial access to networks and conducting ransomware attacks.
In September 2022, a new version of the malware loader was observed in the wild, featuring a stealthier attack chain that used the PowerSploit framework for reflective DLL injection into memory.
Researchers at Secureworks have recently discovered a new campaign using Google advertisements that promote trojanized versions of popular apps to deliver the malware loader to unsuspecting victims.
The fake landing page promoted a trojanized MSI installer named "Cisco-anyconnect-4 9 0195.msi" that installs the BumbleBee malware.
The PowerShell script installs the BumbleBee malware and conducts malicious activity on the compromised device.