Cybersecurity firm Secureworks has identified the Bumblebee malware, which is spreading via fake online advertisements for popular programs such as ChatGPT, Zoom, and Citrix. Users who attempt to download the programs may find their devices infected with Bumblebee, which is considered a highly sophisticated malware, according to cybersecurity firm Avertium.
The malware is usually distributed through phishing emails. The researchers at Secureworks noted that remote workers are particularly at risk, as they are interested in installing popular software on their devices.
In one incident examined by the researchers, a malicious Google advertisement sent users to a hacked WordPress site, which then redirected users to a fake download page that mimicked a Cisco program. Similarly, other schemes attempted to spread Bumblebee malware through fake Zoom, ChatGPT, and Citrix installers.
The researchers linked the Bumblebee malware to several threat actors and high-profile ransomware operations, including Quantum and MountLocker. It has also been deployed by the financially motivated group Exotic Lily, which often uses ransomware variants like Diavol and Conti.
To mitigate such threats, Secureworks recommends that organizations only download software installers and updates from known and trusted websites. Such attacks highlight the importance of cyber awareness, and users should be cautious of unsolicited emails or advertisements.
They should avoid clicking on links or downloading software from suspicious sources and should use security software and regularly update it. Additionally, remote workers should use a virtual private network (VPN) while accessing company networks to add an additional layer of security.
