Bumblebee malware returns to target hundreds of firms
Researchers spot new phishing campaign distributing Bumblebee malware
Hackers have once again started using the Bumblebee malware in their campaigns to target victims across the globe, researchers have confirmed.
In a new report, cybersecurity pros Proofpoint said that after a four-month period of inactivity, they spotted threat actors deploying this malware variant in new campaigns.
The researchers began observing a campaign in which “several thousand emails” were being sent to different organizations in the United States. The emails were part of a phishing campaign whose goal was to get the victims to download and run a Word file hosted in a OneDrive folder.
Macros in Office documents
Although benign on the surface (it impersonated the Humane company that is developing and selling a smart wearable device), the Word file was weaponized through a malicious macro. The macro, after a few steps, downloaded and executed Bumblebee, a malicious loader that’s used to drop additional payloads on the compromised endpoints.
While Proofpoint wasn’t able to confidently attribute the campaign to any particular threat actor, it did say that it somewhat aligns with previous activities from the TA579 group. It also said that two other groups, TA576 and TA866, both recently emerged after “months-long gaps in activity”, hinting that they, too, might be behind this campaign.
Whoever the perpetrator is, one thing is certain - Bumblebee can be used to deploy ransomware.
Proofpoint also noted that the attackers opted for a macro-based attack, which is somewhat unusual given that Microsoft effectively killed off the method two years ago.
Back in 2022, Microsoft started blocking macros in files downloaded from the internet by default, forcing the majority of threat actors to pivot to different techniques. One of the methods that emerged since then is the use of shortcut files instead of Word documents. One of their greatest advantages is the ability to change the icon’s appearance, which the hackers used to trick people into thinking they were running a .PDF file.
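For defenders, both lures described above (a Word file carrying a macro, and a shortcut file dressed up as a PDF) can be flagged from file contents rather than from the name or icon. The following is an added example, not code from Proofpoint or this article; the function names, finding labels and sample files are hypothetical and constructed for illustration.

```python
import io
import zipfile

# File signatures: legacy Office compound file, and the fixed Windows shortcut header
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
LNK_MAGIC = bytes.fromhex("4C000000" "0114020000000000C000000000000046")

def triage(name: str, data: bytes) -> list[str]:
    """Return findings for one downloaded file, judged by content, not icon."""
    findings = []
    lower = name.lower()
    if data.startswith(LNK_MAGIC):
        findings.append("shortcut-file")
        if not lower.endswith(".lnk"):
            findings.append("shortcut-wrong-extension")
        elif "." in lower[:-4]:
            # e.g. "invoice.pdf.lnk": a document extension placed before .lnk
            findings.append("shortcut-double-extension")
    elif data.startswith(OLE_MAGIC):
        # Legacy .doc/.xls container; can hold VBA, needs a deeper parser
        findings.append("legacy-ole-document")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            parts = [n.lower() for n in z.namelist()]
        # Modern Office files keep the macro project in a vbaProject.bin part
        if any(p.endswith("vbaproject.bin") for p in parts):
            findings.append("ooxml-vba-macro")
            if lower.endswith((".docx", ".xlsx", ".pptx")):
                findings.append("macro-in-macro-free-extension")
    return findings

def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal Word-style ZIP in memory (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "Report.docm": make_ooxml(True),
        "clean.docx": make_ooxml(False),
        "invoice.pdf.lnk": LNK_MAGIC + b"\x00" * 56,
    }
    for fname, blob in samples.items():
        print(fname, triage(fname, blob))
```

A check like this belongs at the mail gateway or download proxy, where it can quarantine files before a user is asked to enable content.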
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.