Alert! Bumblebee, the replacement for BazaLoader in ransomware campaigns
Bumblebee is the name of a new downloader that has appeared. This sophisticated malware loader, whose purpose is to download and execute additional payloads, is being used as an initial access facilitator to deliver payloads such as ransomware.
The warning comes from Proofpoint, which since March has detected at least three well-known cybercriminal groups using the new malware in various campaigns. This activity coincides with that detailed by the Google Threat Analysis Group.
“The appearance of Bumblebee in the crimeware threat landscape and its apparent replacement of BazaLoader demonstrates the flexibility of cybercriminals to quickly change the way they operate by adopting new malware”, comments Sherrod DeGrippo, vice president of Research and Threat Detection at Proofpoint.
Bumblebee, new downloader
Bumblebee is a sophisticated downloader that contains anti-virtualization checks and has a unique implementation of common downloader capabilities. The name of the malware comes from the unique User-Agent “bumblebee” used in the first campaigns.
The malware has emerged in the threat landscape just as BazaLoader, a popular payload that facilitates follow-on attacks, has disappeared from Proofpoint’s threat activity logs since February 2022.
The use of the downloader by multiple cybercriminal groups can be considered a notable change in the landscape of cybercriminal threats. Therefore, the company estimates that the groups that use it can be considered initial access facilitators, who infiltrate and then sell access to ransomware authors.