Security News > 2023 > September > Bumblebee malware returns in new attacks abusing WebDAV folders
The malware loader 'Bumblebee' has broken its two-month vacation with a new campaign that employs new distribution techniques that abuse 4shared WebDAV services.
Intel471's researchers report that Bumblebee's latest campaign, which started on September 7, 2023, abuses the 4shared WebDAV services to distribute the loader, accommodate the attack chain, and perform several post-infection actions.
Most attachments are Windows shortcut LNK files, but there are also some ZIP archives containing LNK files, likely a sign that the Bumblebee operators are experimenting to determine what works best.
The analysts have also spotted an updated version of the Bumblebee malware loader being used in this campaign, which has switched from using the WebSocket protocol to TCP for command and control server communications.
New Nitrogen malware pushed via Google Ads for ransomware attacks.
New SprySOCKS Linux malware used in cyber espionage attacks.
News URL
Related news
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks (source)