Bumblebee malware returns in new attacks abusing WebDAV folders
The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.
Intel471's researchers report that Bumblebee's latest campaign, which started on September 7, 2023, abuses the 4shared WebDAV services to distribute the loader, accommodate the attack chain, and perform several post-infection actions.
Most attachments are Windows shortcut LNK files, but there are also some ZIP archives containing LNK files, likely a sign that the Bumblebee operators are experimenting to determine what works best.
The analysts have also spotted an updated version of the Bumblebee malware loader being used in this campaign, which has switched from using the WebSocket protocol to TCP for command and control server communications.