Security researchers have detected a new malware loader dubbed Bumblebee. The sophisticated malware appears to be a replacement for BazarLoader and is likely being used to gain initial access for follow-on ransomware attacks and other malicious activity. Bumblebee is a highly sophisticated malware loader “that integrates intricate elaborate evasion techniques and anti-analysis tricks,” according to BleepingComputer. Researchers have detected a number of email campaigns distributing Bumblebee within ISO attachments. One campaign used a DocuSign document lure that led to a ZIP archive with a malicious ISO container hosted on Microsoft’s OneDrive cloud service. Another campaign was observed delivering Bumblebee through contact forms on a target’s website. Bumblebee is under active development, acquiring new methods for evading detection, and is reportedly being used by multiple threat groups. Read more at BleepingComputer.