Security researchers at Symantec have analyzed a new malware called Bumblebee and believe it has become a key component in ransomware attacks. The malware has been linked to operations carried out by notorious threat groups such as Conti, Mountlocker, and Quantum. Its role came to light after a recent attack involving Quantum showed how Bumblebee is being used to deliver ransomware. According to the researchers, the attack typically begins with a phishing email containing a malicious file that disguises the Bumblebee loader.
The attack requires the target to click on a malicious link. Once the attachment is opened, the malware is loaded and runs on the victim’s device. Bumblebee lets attackers establish a backdoor on PC devices, handing control of operations over to them. Researchers believe that the new malware may have been introduced as a replacement loader for Trickbot, another popular malware with similar functions.