Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware


Jun 23, 2023, by Ravie Lakshmanan. Category: Malware / Cyber Threat

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID.

Cybersecurity firm Deep Instinct is tracking the malware as PindOS, a name taken from the string the dropper sends in its HTTP “User-Agent” header.

Both Bumblebee and IcedID serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware. A recent report from Proofpoint highlighted IcedID’s abandoning of banking fraud features to solely focus on malware delivery.

Bumblebee, notably, is a replacement for another loader called BazarLoader, which has been attributed to the now-defunct TrickBot and Conti groups.


A report from Secureworks in April 2022 found evidence of collaboration between several actors in the Russian cybercrime ecosystem, including that of Conti, Emotet, and IcedID.

Deep Instinct’s source code analysis of PindOS shows that it contains comments in Russian, raising the possibility of a continued partnership between the e-crime groups.

JavaScript Dropper PindOS

Described by Deep Instinct as a “surprisingly simple” loader, PindOS is designed to download malicious executables from a remote server. It is configured with two URLs; the second functions as a fallback in the event the first fails to return the DLL payload.

“The retrieved payloads are generated pseudo-randomly ‘on-demand’ which results in a new sample hash each time a payload is fetched,” security researchers Shaul Vilkomir-Preisman and Mark Vaitzman said.

The DLL files are ultimately launched with rundll32.exe, a legitimate, Microsoft-signed Windows utility for loading a DLL and calling one of its exports, so the final stage runs under a trusted host binary rather than as a standalone executable.
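The two details above that matter most to a defender are that the payload hash changes on every download, so a hash blocklist built from one captured sample will miss the next fetch, and that the observable constants are the User-Agent string and the rundll32.exe launch of a freshly downloaded DLL. The following is an added example written for this article, not code from Deep Instinct or from the PindOS sample: it runs two behaviour-based checks over constructed telemetry and contrasts them with a hash blocklist. Everything in it is assumed rather than taken from the report: the proxy-log and process-event layouts, the exact User-Agent text (the page only says it contains “PindOS”), the IP addresses and paths, the DLL export name, the idea that the .js dropper runs under wscript.exe or cscript.exe, and the `fetch_payload` function, which merely simulates a server that re-generates the DLL per request.

```python
"""Behavioural checks for a PindOS-style JavaScript dropper (added example).

Nothing here is taken from the real sample: log formats, addresses, paths,
User-Agent text and the payload generator are all constructed for illustration.
"""
import hashlib
import ntpath
import re

# --- Constructed sample telemetry ------------------------------------------

# Simplified proxy log: "timestamp client method url user-agent".
# Real PindOS only is known to include the name "PindOS" in the header; the
# surrounding text below is made up.
PROXY_LOG = """\
2023-06-23T10:01:02Z 10.0.0.5 GET http://198.51.100.10/a/one.dll Mozilla/5.0 (Windows NT 10.0) PindOS/1.0
2023-06-23T10:01:03Z 10.0.0.5 GET http://198.51.100.10/b/two.dll Mozilla/5.0 (Windows NT 10.0) PindOS/1.0
2023-06-23T10:01:09Z 10.0.0.7 GET https://example.com/index.html Mozilla/5.0 (Windows NT 10.0) Chrome/114.0
"""

# Process-creation events in the shape of a Sysmon Event ID 1 export.
# The export name ",Run" and the parent script host are assumptions.
PROCESS_EVENTS = [
    {"parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\payload.dll,Run"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"parent_image": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe",
     "command_line": r"svchost.exe -k netsvcs"},
]

UA_MARKER = "pindos"
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Directories an unprivileged dropper can write to; a DLL loaded from here by
# rundll32.exe deserves a look even when the parent is benign.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\(AppData|Downloads)|Windows\\Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)


def flag_user_agents(log_text: str) -> list[str]:
    """Return the URLs requested with a User-Agent that contains the dropper name."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 4)          # ts, client, method, url, user-agent
        if len(parts) < 5:
            continue
        url, user_agent = parts[3], parts[4]
        if UA_MARKER in user_agent.lower():
            hits.append(url)
    return hits


def flag_rundll32(events: list[dict]) -> list[str]:
    """Return rundll32.exe command lines spawned by a script host or loading a
    DLL from a user-writable directory."""
    flagged = []
    for ev in events:
        if ntpath.basename(ev["image"]).lower() != "rundll32.exe":
            continue
        parent = ntpath.basename(ev["parent_image"]).lower()
        if parent in SCRIPT_HOSTS or USER_WRITABLE.search(ev["command_line"]):
            flagged.append(ev["command_line"])
    return flagged


def fetch_payload(seed: int) -> bytes:
    """Simulated download from a server that re-generates the DLL on demand:
    identical logic, different junk tail, hence a different hash per fetch."""
    body = b"MZ" + b"\x90" * 64 + b"payload-logic"
    return body + hashlib.sha256(seed.to_bytes(4, "big")).digest()


def blocklist_hits(blocklist: set[str], payloads: list[bytes]) -> int:
    """Count payloads whose SHA-256 appears in a hash blocklist."""
    return sum(hashlib.sha256(p).hexdigest() in blocklist for p in payloads)


def demo_hash_vs_behaviour() -> tuple[int, int, int]:
    """(blocklist hits on later downloads, UA hits, rundll32 hits)."""
    first = fetch_payload(1)
    blocklist = {hashlib.sha256(first).hexdigest()}   # built from the one sample analysed
    later = [fetch_payload(s) for s in (2, 3, 4)]     # subsequent on-demand fetches
    return (
        blocklist_hits(blocklist, later),
        len(flag_user_agents(PROXY_LOG)),
        len(flag_rundll32(PROCESS_EVENTS)),
    )


if __name__ == "__main__":
    print("hash blocklist hits, UA hits, rundll32 hits:", demo_hash_vs_behaviour())
```

The hash check scores zero on every download after the one that was analysed, while the User-Agent and rundll32.exe rules catch the same activity without knowing any payload hash. In production the rundll32.exe rule needs tuning for legitimate installers that drop DLLs under AppData, and the two back-to-back DLL requests from one client are consistent with the primary-then-fallback URL behaviour described above, which is worth a separate correlation rule.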

“Whether PindOS is permanently adopted by the actors behind Bumblebee and IcedID remains to be seen,” the researchers concluded.

“If this ‘experiment’ is successful for each of these ‘companion’ malware operators it may become a permanent tool in their arsenal and gain popularity among other threat actors.”
