October 21, 2024 By Bill Toulas
The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during 'Operation Endgame' in May.
Believed to be the creation of TrickBot developers, the malware emerged in 2022 as a replacement for the BazarLoader backdoor to provide ransomware threat actors access to victim networks.
Bumblebee typically achieves infection via phishing, malvertising, and SEO poisoning campaigns that promoted trojanized installers for various software (e.g. Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace).
Among the payloads typically delivered by Bumblebee are Cobalt Strike beacons, information-stealing malware, and various ransomware strains.
In May, an international law enforcement operation codenamed 'Operation Endgame' seized over a hundred servers supporting multiple malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC.