    Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware

By justmattg, June 24, 2023


Jun 23, 2023 | Ravie Lakshmanan | Malware / Cyber Threat


    A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID.

    Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its “User-Agent” string.

    Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint highlighted IcedID’s abandoning of banking fraud features to solely focus on malware delivery.

    Bumblebee, notably, is a replacement for another loader called BazarLoader, which has been attributed to the now-defunct TrickBot and Conti groups.


    A report from Secureworks in April 2022 found evidence of collaboration between several actors in the Russian cybercrime ecosystem, including that of Conti, Emotet, and IcedID.

    Deep Instinct’s source code analysis of PindOS shows that it contains comments in Russian, raising the possibility of a continued partnership between the e-crime groups.


    Described as a “surprisingly simple” loader, it’s designed to download malicious executables from a remote server. It makes use of two URLs, one of which functions as a fallback in the event the first URL fails to fetch the DLL payload.

    “The retrieved payloads are generated pseudo-randomly ‘on-demand’ which results in a new sample hash each time a payload is fetched,” security researchers Shaul Vilkomir-Preisman and Mark Vaitzman said.

    The DLL files are ultimately launched using rundll32.exe, a legitimate Windows tool to load and run DLLs.
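Because each fetched payload carries a fresh hash, hash-based indicators are of little use against this loader; what stays constant is the behaviour the article describes: a script drops a DLL and runs it through rundll32.exe. The following is an added detection example, not code from the article or from Deep Instinct, and it makes two assumptions of its own: that the JavaScript runs under the Windows Script Host (wscript.exe/cscript.exe), which the article does not state, and that the fetched DLL lands in a user-writable directory. The process-creation events are constructed for the example and are not real indicators.

```python
import re

# Constructed process-creation events in a Sysmon-like shape (parent image, child image,
# command line). These are made up for the example and are not indicators from the report.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\tmp8F2A.dll,DllRegisterServer"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"parent": r"C:\Windows\System32\cscript.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\ProgramData\update.dll,#1"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe readme.txt"},
]

# Assumption: JavaScript droppers on Windows execute under the Windows Script Host.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Directories a standard user can write to; a DLL here is unusual for legitimate rundll32 use.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\windows\\temp\\")

# Extract the DLL path that rundll32 is asked to load: first argument, up to the comma
# that separates the DLL from its export name. Quoted and unquoted forms are accepted.
DLL_ARG = re.compile(r'^\s*(?:"[^"]*rundll32\.exe"|\S*rundll32\.exe)\s+"?([^",]+\.dll)"?',
                     re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def dll_path(cmdline: str):
    """Return the DLL path rundll32 was invoked with, or None if it cannot be parsed."""
    m = DLL_ARG.search(cmdline)
    return m.group(1) if m else None


def classify(event: dict) -> list:
    """Return the list of reasons an event looks like script-dropped DLL execution.

    An empty list means the event is not interesting. Two behavioural signals are
    checked independently so that either alone still produces a hit.
    """
    reasons = []
    if basename(event["image"]) != "rundll32.exe":
        return reasons
    if basename(event["parent"]) in SCRIPT_HOSTS:
        reasons.append("rundll32.exe spawned by a Windows Script Host process")
    dll = dll_path(event["cmdline"])
    if dll and any(marker in dll.lower() for marker in USER_WRITABLE):
        reasons.append(f"DLL loaded from user-writable location: {dll}")
    return reasons


def find_suspicious(events: list) -> list:
    """Return (index, reasons) pairs for every event that classify() flags."""
    hits = []
    for idx, ev in enumerate(events):
        reasons = classify(ev)
        if reasons:
            hits.append((idx, reasons))
    return hits


if __name__ == "__main__":
    for idx, reasons in find_suspicious(SAMPLE_EVENTS):
        print(f"event {idx}: {SAMPLE_EVENTS[idx]['cmdline']}")
        for r in reasons:
            print(f"  - {r}")
```

The two legitimate events (explorer.exe launching a Control Panel applet through rundll32, and notepad.exe) produce no reasons, while the two script-host-spawned rundll32 launches from Temp and ProgramData are each flagged twice. Keying on the parent process and the DLL location rather than on a file hash is what makes the rule survive the per-fetch hash churn the researchers describe.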

    “Whether PindOS is permanently adopted by the actors behind Bumblebee and IcedID remains to be seen,” the researchers concluded.

    “If this ‘experiment’ is successful for each of these ‘companion’ malware operators it may become a permanent tool in their arsenal and gain popularity among other threat actors.”
