New Bumblebee Malware Campaign Abuses 4Shared WebDAV Services For Distribution

The malware loader 'Bumblebee' is back from a two-month break with a new campaign that exploits 4shared WebDAV services. This campaign, which started on September 7, 2023, uses 4shared WebDAV for distributing the loader, managing the attack chain, and executing post-infection actions. By abusing this legitimate file-hosting service, Bumblebee operators avoid blocklists and ensure high infrastructure availability. Additionally, the WebDAV protocol provides them with various methods to bypass behavioral detection systems and offers streamlined distribution and payload switching advantages. Read more...