BumbleBee Malware Loader
admin, 9 months ago, #news

Bumblebee and IcedID Trojans Clash with PindOS: Unraveling the Tactics of Android Malware

The classic BumbleBee loader, a malware dropper used by underground black-hat hackers, now relies on PindOS to infect target systems.

According to Fortinet, the Android malware that appeared in May was created using the Flutter SDK, which makes it very difficult to analyze. The latest Fluhorse sample reviewed by the experts also uses a packer to hide the malicious payload.

The malicious Bumblebee loader previously relied on PowerShell scripts to extract and run the target DLL; the move to JavaScript marks a significant change in its established techniques and tactics. The IcedID Trojan operated as a banker for a long time but has recently been repurposed and now also serves as a conduit for other malware.

Their new partner, PindOS, after deobfuscation, turned out to be a very primitive loader. Its single exec function takes four parameters:

  1. UserAgent: The string used when loading the target DLL.
  2. URL1: The main download address.
  3. URL2: The backup address for download.
  4. RunDLL: The exported DLL function to be called.

The downloaded payload is saved in the Windows user Templates folder as a .dat file with an arbitrary six-digit numeric name and is launched with rundll32.exe.

It is noteworthy that the resulting payload is generated on demand and pseudo-randomly. In other words, a new hash is created each time. Such a trick is usually used to bypass signature-based protections. However, in the case of Bumblebee, this trick does not have the desired effect, according to experts.
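Because each download carries a fresh hash, the behaviour rather than the file is the reliable signal. The following added example (not code from the article or from any vendor) matches the described execution chain, rundll32.exe launching a six-digit-named .dat file from the user's Templates folder with an export name, in process-creation events; the Templates path (%APPDATA%\Microsoft\Windows\Templates) and the key=value log format are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Pattern for the behaviour described in the post: a .dat file whose name is a
# six-digit number inside a Templates folder, followed by the exported function
# that rundll32 is asked to call. The Templates location is an assumption.
DAT_EXPORT = re.compile(
    r"\\Templates\\(?P<name>\d{6})\.dat\"?\s*,\s*(?P<export>[A-Za-z_][\w@#]*)",
    re.IGNORECASE,
)

@dataclass
class Finding:
    host: str
    image: str
    dat_name: str
    export: str

def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value|key=value' process-creation event."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|") if "=" in kv)

def check_event(event: dict) -> Optional[Finding]:
    """Return a Finding when rundll32.exe loads Templates\\NNNNNN.dat,Export."""
    image = event.get("Image", "")
    cmd = event.get("CommandLine", "")
    if not image.lower().endswith("rundll32.exe"):
        return None
    m = DAT_EXPORT.search(cmd)
    if m is None:
        return None
    return Finding(event.get("Host", "?"), image, m.group("name"), m.group("export"))

def scan(lines: list[str]) -> list[Finding]:
    """Run check_event over every line and collect the matches."""
    findings = []
    for line in lines:
        f = check_event(parse_event(line))
        if f:
            findings.append(f)
    return findings

# Constructed sample events (not real telemetry); two benign, two matching.
SAMPLE_EVENTS = [
    r'Host=WS01|Image=C:\Windows\System32\rundll32.exe|CommandLine=rundll32.exe "C:\Users\alice\AppData\Roaming\Microsoft\Windows\Templates\483921.dat",Export1',
    r'Host=WS01|Image=C:\Windows\System32\rundll32.exe|CommandLine=rundll32.exe shell32.dll,Control_RunDLL',
    r'Host=WS02|Image=C:\Windows\System32\wscript.exe|CommandLine=wscript.exe C:\Users\bob\Downloads\invoice.js',
    r'Host=WS03|Image=C:\Windows\SysWOW64\rundll32.exe|CommandLine=rundll32 C:\Users\carol\AppData\Roaming\Microsoft\Windows\Templates\102938.dat,RunDLL',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.host}: rundll32 loaded Templates\\{f.dat_name}.dat, export {f.export}")
```

The rule keys on the launch pattern only, so it still fires when the loader serves a never-before-seen payload.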
