The Bumblebee loader is increasingly being used by threat actors linked to the IcedID, TrickBot, and BazarLoader malware to infiltrate target networks and carry out further post-exploitation operations.
Bumblebee first came to light in March 2022, when Google's Threat Analysis Group (TAG) exposed the activity of an initial access broker named Exotic Lily with connections to TrickBot and the larger Conti collective.
What is Bumblebee?
Researchers found that Bumblebee is a successor to the BazarLoader malware, which previously distributed the Conti ransomware.
Bumblebee arrives through spam email. A link in the email downloads an ISO file, which drops the malicious Dynamic Link Library (DLL); that DLL then loads Bumblebee's final payload on the victim's computer.
An ISO file is an archive file that stores an identical replica of the data found on an optical disc, such as a CD or DVD. ISO files are primarily used to distribute large file sets intended for burning onto optical discs, or as backups of optical discs.
Analysis by experts
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents