
BumbleBee Webshell

Posted: January 12, 2021

The BumbleBee Webshell is a new piece of malware discovered on the computers of an organization that had previously fallen victim to the xHunt attack campaign. Cybersecurity experts believe that xHunt and the BumbleBee Webshell are being used by the same cybercriminals, although the latter serves an entirely different purpose compared to xHunt.

The BumbleBee Webshell appears to have infected Microsoft Exchange servers, where it was used to run remote commands and to upload and download files that were later executed. The criminals operating the BumbleBee Webshell used various Virtual Private Networks (VPNs) to connect to the payload and transmit commands; the location of the attacker's IP address regularly switched between dozens of countries.

Despite the BumbleBee Webshell's limited features, it is still a very threatening implant. The criminals had added some security measures to prevent unauthorized users from accessing the web shell's control panel – visitors are prompted to enter a one-time password to view the panel, and then they need to enter a second password to execute commands. This measure not only protects the web shell from being discovered by malware researchers sooner but may also keep it hidden from other threat actors looking to penetrate the same network.

The xHunt campaign continues to surprise malware researchers, and the BumbleBee Webshell is just the latest finding related to this topic. Both threats are identifiable and removable with the use of a sophisticated anti-virus software suite.
