
New PindOS JavaScript dropper deploys Bumblebee, IcedID malware
2023-06-26 16:39

Security researchers discovered a new malicious tool they named PindOS that delivers the Bumblebee and IcedID malware typically associated with ransomware attacks.

PindOS is a simple JavaScript malware dropper that appears to have been built specifically to fetch the next-stage payloads through which the attackers deliver their final payload.

In a report from cybersecurity company Deep Instinct, researchers note that the new PindOS dropper consists of a single function taking four parameters, which it uses to download the payload, either Bumblebee or IcedID, the banking trojan that has since turned into a malware loader.

The researchers note that the second URL parameter is a fallback: PindOS uses it when it cannot retrieve the payload from the first URL. It then attempts to execute the downloaded payload by combining PowerShell commands with Microsoft's rundll.

PindOS downloads the payload to "%appdata%/Microsoft/Templates/" as a DAT file with six random numbers as a name.
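The drop location and execution chain described above can be turned into a simple host-side detection. The following is an added example, not code from the Deep Instinct report or the article: it flags writes to a six-digit .dat file under %appdata%\Microsoft\Templates and a script host launching PowerShell that invokes rundll32 on a .dat file, run over constructed Sysmon-style events. The event field names, the wscript/cscript parent assumption and the rundll32 spelling of the report's "rundll" are my assumptions.

```python
import re

# Drop location from the report: a .dat named with six digits under
# %appdata%\Microsoft\Templates. Paths are normalised to forward slashes and
# lower case so both the %appdata% variable and its expansion are matched.
DROP_RE = re.compile(r"(?:%appdata%|/appdata/roaming)/microsoft/templates/\d{6}\.dat$")
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: the JS dropper runs under a script host


def norm(path: str) -> str:
    return path.replace("\\", "/").lower()


def is_pindos_drop(path: str) -> bool:
    """True when the path matches the six-digit .dat drop pattern."""
    return bool(DROP_RE.search(norm(path)))


def flag_events(events):
    """Return (rule, detail) alerts for Sysmon-like event dicts.
    Rule 1: file written to the drop location.
    Rule 2: script host -> PowerShell whose command line runs rundll32 on a .dat."""
    alerts = []
    for ev in events:
        if ev["type"] == "file_create" and is_pindos_drop(ev["target"]):
            alerts.append(("drop_path", ev["target"]))
        elif ev["type"] == "process_create":
            parent = norm(ev["parent_image"]).rsplit("/", 1)[-1]
            cmd = norm(ev["command_line"])
            if parent in SCRIPT_HOSTS and "powershell" in cmd and "rundll32" in cmd and ".dat" in cmd:
                alerts.append(("script_host_to_rundll32", ev["command_line"]))
    return alerts


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"type": "file_create", "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Templates\482913.dat"},
    {"type": "file_create", "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Templates\Normal.dotm"},
    {"type": "process_create", "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'powershell -w hidden rundll32 "%appdata%\Microsoft\Templates\482913.dat",#1'},
    {"type": "process_create", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell -NoProfile Get-Process"},
]

if __name__ == "__main__":
    for rule, detail in flag_events(SAMPLE_EVENTS):
        print(rule, detail)
```

Legitimate Office templates live in the same folder, so the file rule keys on the six-digit .dat name rather than the directory alone.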

Even if Bumblebee or IcedID operators don't adopt it, PindOS may become more popular with other threat actors.


News URL

https://www.bleepingcomputer.com/news/security/new-pindos-javascript-dropper-deploys-bumblebee-icedid-malware/