A dangerous malware loader named Bumblebee is being distributed through Google ads and SEO poisoning that promote popular corporate software such as Citrix Workspace, Cisco AnyConnect, ChatGPT, and Zoom. Bumblebee was discovered in April 2022 and is believed to have been developed by the Conti team as a replacement for the BazarLoader backdoor. It is used to gain initial access to networks and conduct ransomware attacks. A new version of the malware was discovered in September 2022, featuring a stealthier attack chain that uses the PowerSploit framework for reflective DLL injection into memory.

Cybersecurity firm Secureworks recently discovered a new campaign that uses Google advertisements promoting trojanized versions of popular apps to deliver the malware loader to unsuspecting victims. Infected devices are candidates for the start of ransomware attacks, because they allow the attackers to move laterally in the network and establish access points that can be used to steal data and eventually deploy ransomware.
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net).
Source: Bleeping Computer