"New Strain of JavaScript Dropper Delivers Bumblebee and IcedID Malware"

A new strain of JavaScript dropper is delivering the Bumblebee and IcedID malware families, both of which are known to execute ransomware. Deep Instinct's Threat Research Lab noted that the dropper contains Russian-language comments and uses the unique user-agent string "PindOS."

Bumblebee is a malware loader first discovered in March 2022; according to the researchers, the Conti group used it as a replacement for BazarLoader. The researchers highlight that the move from PowerShell to JavaScript represents a significant shift in Bumblebee's well-established tactics, techniques, and procedures (TTPs). IcedID, observed in the wild since at least 2017, has operated as a modular banking malware designed to steal financial data, and it has lately shifted some of its focus to malware delivery.

The shift to JavaScript-based droppers presents new opportunities for evasion and malware delivery, posing potential challenges for security products that have predominantly focused on detecting PowerShell-based attacks. This article continues to discuss findings and observations regarding the new strain of JavaScript dropper delivering Bumblebee and IcedID malware.
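As an added defender-side example (not code from the article or from the researchers), the following Python parses constructed proxy log lines and flags requests whose User-Agent is the "PindOS" string noted above, separating exact hits from recased near-matches so an analyst can triage by confidence. The log format, field names and sample lines are assumptions made for illustration, not real telemetry.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log (not real telemetry): one request per line as
# timestamp, client, method, URL, HTTP status, then the quoted User-Agent.
SAMPLE_PROXY_LOG = """\
2023-06-21T10:02:11Z 10.1.4.22 GET http://cdn.example.test/lib.js 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2023-06-21T10:02:15Z 10.1.4.22 GET http://203.0.113.10/gate/dl.php?id=7 200 "PindOS"
2023-06-21T10:03:40Z 10.1.4.37 POST https://mail.example.test/owa/ 302 "Mozilla/5.0 (Windows NT 10.0) Chrome/114.0"
2023-06-21T10:05:02Z 10.1.4.51 GET http://198.51.100.7/update 404 "pindos"
"""

# Assumed log layout; adjust the pattern to the proxy's real output format.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


@dataclass(frozen=True)
class Alert:
    ts: str
    client: str
    url: str
    user_agent: str
    reason: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_pindos_ua(log_text, indicator="PindOS"):
    """Return one Alert per request whose User-Agent equals the indicator.

    An exact match is reported with higher confidence than a match that only
    succeeds after trimming whitespace and ignoring case, so that a trivially
    recased variant is still surfaced but can be triaged separately.
    """
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole scan
        ua = rec["ua"].strip()
        if ua == indicator:
            reason = "exact user-agent match"
        elif ua.lower() == indicator.lower():
            reason = "case-insensitive user-agent match"
        else:
            continue
        alerts.append(Alert(rec["ts"], rec["client"], rec["url"], ua, reason))
    return alerts
```

A single user-agent string is a brittle indicator that the operators can change at will, so treat a hit as a pivot point for further investigation of the client rather than as proof on its own.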

SC Magazine reports "New Strain of JavaScript Dropper Delivers Bumblebee and IcedID Malware"
