Bumblebee is Back After Four Months of Inactivity

Proofpoint has detected a campaign against organizations in the United States involving this malware.

Proofpoint is warning about the return of the Bumblebee download malware, which first appeared almost two years ago and has been dormant for four months.

The company has detected a campaign in which Bumblebee is back in the spotlight. Organizations in the United States have received emails from the sender “info@quarlesaa.com” with the subject line “Voicemail February” containing OneDrive links and leading to a Word document. The cybercriminals usurped the identity of the company Humane to perpetrate their hoax.

Unlike previous attacks, this campaign uses documents with VBA macros. This decision is surprising, as the attack chains were changing since Microsoft decided to block macros by default.

“The return of Bumblebee coincides with an uptick in activity in the overall cybercrime landscape,” as explained by Proofpoint’s research team. “2024 is off to a strong start for many cybercriminal groups who have returned to very high levels of activity after a temporary winter lull.”

“We continue to continually see new and creative attack chains and updated malware aimed at evading arrests by attackers,” the company adds. The experts expect “this to continue until they pause again in the summer”.