Bumblebee Loader Discovered With New Infection Chain
Bumblebee is a sophisticated downloader malware used by cybercriminals to gain access to corporate networks and deploy payloads such as Cobalt Strike and ransomware. First identified by Google in 2022, it resurfaced in 2024 following Europol's Operation Endgame, which targeted major malware botnets. Bumblebee infections typically start with phishing emails carrying ZIP archives that contain LNK files; opening the LNK executes a chain of events that loads the malware into memory without writing it to disk. The infection process uses MSI files and PowerShell commands to download and install the final payload stealthily, avoiding detection by bypassing process creation. The malware encrypts its configuration with RC4 using hardcoded keys.
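The RC4-protected configuration mentioned above is the part of the chain an analyst can recover offline once the hardcoded key has been pulled from a sample. The following is an added example, not code from the article or from the Bumblebee authors: a plain RC4 routine plus a key-trial helper that distinguishes the right key from wrong ones by whether the result decrypts to plausible text. The key, the config contents and the candidate-key list are constructed placeholders, not real indicators.

```python
from typing import Iterable, Optional, Tuple


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    # Key-scheduling algorithm: permute S under the key
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: XOR the keystream over the data
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def looks_like_config(plaintext: bytes) -> bool:
    """Heuristic: a correct key yields mostly printable text, a wrong key yields noise."""
    if not plaintext:
        return False
    printable = sum(32 <= b < 127 or b in b"\r\n\t" for b in plaintext)
    return printable / len(plaintext) > 0.95


def recover_config(blob: bytes, candidate_keys: Iterable[bytes]) -> Optional[Tuple[bytes, bytes]]:
    """Try each candidate key (e.g. strings carved from the unpacked sample) and
    return (key, plaintext) for the first one that produces plausible config."""
    for key in candidate_keys:
        plaintext = rc4(key, blob)
        if looks_like_config(plaintext):
            return key, plaintext
    return None


# Constructed sample: a placeholder config encrypted with a placeholder key,
# standing in for the encrypted blob an analyst would carve from a sample.
PLACEHOLDER_KEY = b"EXAMPLE_KEY_PLACEHOLDER"
SAMPLE_CONFIG = b"campaign=example\nc2=c2.example.invalid:443\nsleep=60\n"
ENCRYPTED_BLOB = rc4(PLACEHOLDER_KEY, SAMPLE_CONFIG)

if __name__ == "__main__":
    # The wrong key comes first to show the heuristic rejecting it.
    print(recover_config(ENCRYPTED_BLOB, [b"wrongkey", PLACEHOLDER_KEY]))
```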