"Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections"

A new version of the Bumblebee malware loader has been discovered in the wild, with a new infection chain that uses the PowerSploit framework to perform stealthy reflective injection of a DLL payload into memory. Bumblebee was discovered in April, distributed through phishing campaigns set up by the same malicious actors behind BazarLoader and TrickBot. Because Bumblebee is a sophisticated loader with advanced anti-analysis and anti-detection capabilities, researchers assumed that it would replace other loaders, such as BazarLoader, in initial compromise attacks followed by ransomware deployment. Bumblebee's distribution rate increased significantly, but the new loader never became dominant in the field. According to a Cyble report, based on a discovery by threat researcher Max Malyutin, the authors of Bumblebee are preparing to resume spam operations after a summer hiatus, using a new execution flow. As its stealthiness increases, Bumblebee becomes a more powerful initial access threat, and its chances of attracting ransomware and malware operators seeking new ways to deploy their payloads increase as well. This article continues to discuss the new version of the Bumblebee malware loader.

Bleeping Computer reports "Bumblebee Malware Adds Post-exploitation Tool for Stealthy Infections"

Submitted by Anonymous on