New wave of Bumblebee malware attacks warned

SUMMARY :

Security researchers have detected new attacks involving the Bumblebee malware loader, just four months after Europol disrupted its operations in Operation Endgame. The malware has resurfaced with updated tactics, using MSI files disguised as legitimate software installers to deliver its payload directly into memory without dropping files to disk. It also avoids creating new processes by leveraging the MSI SelfReg table to execute malicious DLLs. The Bumblebee campaigns likely begin with phishing emails containing ZIP files with malicious LNK files that initiate the infection chain. This marks the first major reappearance of Bumblebee since the law enforcement takedown in May 2024.

OPENCTI LABELS :

phishing,malware,ransomware,bumblebee,loader,evasion,msi,in-memory


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


New wave of Bumblebee malware attacks warned