Beware of malware (Bumblebee)  [04.05.23]

IT security researchers have discovered two new ways of spreading Bumblebee (malware).

1. Malvertising: online advertisements lead to a fake or infected website. Such an ad may be malicious by design; however, it may also be a real ad that has been infected with appropriate malware.
2. SEO poisoning: search results are manipulated so that fake or infected web pages appear as high as possible in the list.

Both variants have in common that they lead to a fake or infected website from which you can download commonly used business software (e.g. Zoom, Cisco AnyConnect or ChatGPT). The name of fake websites is often very similar to the name of real websites in order not to arouse suspicion.

Clicking the mouse on the website actually downloads the desired installer. However, since this program is Trojanized - i.e. contains additional malicious code - Bumblebee is also downloaded unnoticed in the background, which can reload further malware.

The Information Security Department. recommends the following measures in principle:

1. Ensure that software installers and updates are downloaded only from known and trusted websites.
2. To prevent exploitation of known security vulnerabilities, apply security patches as soon as possible.

If you have any questions, please feel free to contact the Information Security Department.

Back to All news