Select Page

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID.

Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its “User-Agent” string.

Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint highlighted IcedID’s abandoning of banking fraud features to solely focus on malware delivery.

Bumblebee, notably, is a replacement for another loader called BazarLoader, which has been attributed to the now-defunct TrickBot and Conti groups.

images from Hacker News