Google ads push BumbleBee malware used by ransomware gangs (Security News, April 2023)

The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.
Bumblebee is a malware loader discovered in April 2022 and thought to have been developed by the Conti team as a replacement for the BazarLoader backdoor. It is used to gain initial access to networks and to conduct ransomware attacks.
In September 2022, a new version of the malware loader was observed in the wild, featuring a stealthier attack chain that used the PowerSploit framework for reflective DLL injection into memory.
Researchers at Secureworks have recently discovered a new campaign using Google advertisements that promote trojanized versions of popular apps to deliver the malware loader to unsuspecting victims.
One such fake landing page promoted a trojanized MSI installer named "Cisco-anyconnect-4 9 0195.msi" that installs the BumbleBee malware.
The PowerShell script installs the BumbleBee malware and conducts malicious activity on the compromised device.