Hackers are using Google Ads to spread the Bumblebee malware.



The malware campaign disguises itself as Zoom, ChatGPT, Cisco AnyConnect, etc.

The malware is believed to be a new variant of BazarLoader, a backdoor previously used by Conti.

  • The Bumblebee malware is installed through a trojanized MSI installer that is promoted on a fake landing page.
  • Once the installer is executed, the user’s computer receives a disguised PowerShell script and a legitimate program installer.
  • The genuine installer then installs the application on the device inconspicuously while the PowerShell script deploys the Bumblebee malware.
  • To inject malware into memory, Bumblebee uses the same post-exploitation framework module, enabling it to evade existing antivirus products without raising any security alarm.
  • Researchers have recommended that users:
    • Only download software installers and updates from known, official, and trusted websites.
    • Ensure that computer users are not allowed to install software or run scripts. To prevent the execution of malware, security tools like AppLocker must be used and enabled.
    • Make sure to use a reputable antivirus solution.
    • Ensure regular backups of their data.
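
The chain described above, an MSI installer that runs a PowerShell script alongside a genuine installer, can be hunted for in process-creation logs. The following Python code is an added example, not from the article or the researchers it cites; it assumes the script host runs as a descendant of msiexec.exe, and the event fields, file names and sample records are constructed.

```python
# Added example: event fields and sample records are constructed, not real telemetry.
INSTALLER = "msiexec.exe"
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation events (pid, parent pid, image path, command line).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r'msiexec.exe /i "C:\Users\alice\Downloads\ExampleApp-setup.msi"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Users\alice\AppData\Local\Temp\ExampleApp.exe",
     "cmd": "ExampleApp.exe"},
    {"pid": 220, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c run.cmd"},
    {"pid": 221, "ppid": 220, "image": PS,
     "cmd": r"powershell.exe -File C:\Users\alice\AppData\Local\Temp\update.ps1"},
    # Interactive PowerShell with no installer ancestor: must not be flagged.
    {"pid": 400, "ppid": 100, "image": PS, "cmd": "powershell.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_installer_script_launches(events):
    """Return script-host processes that have msiexec.exe as an ancestor."""
    by_pid = {e["pid"]: e for e in events}  # simplification: ignores PID reuse
    findings = []
    for event in events:
        if basename(event["image"]) not in SCRIPT_HOSTS:
            continue
        seen = set()
        parent = by_pid.get(event["ppid"])
        while parent and parent["pid"] not in seen:  # walk up the process tree
            seen.add(parent["pid"])
            if basename(parent["image"]) == INSTALLER:
                findings.append({"installer_cmd": parent["cmd"],
                                 "script_pid": event["pid"],
                                 "script_cmd": event["cmd"]})
                break
            parent = by_pid.get(parent["ppid"])
    return findings


if __name__ == "__main__":
    for hit in find_installer_script_launches(SAMPLE_EVENTS):
        print(hit)
```

Legitimate installers sometimes run scripts too, so a hit is a lead to review against the MSI's download source rather than a verdict.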
