Popular software tools such as Zoom, Cisco AnyConnect, ChatGPT and Citrix Workspace have been trojanized to distribute the malware known as Bumblebee.
Secureworks’ Counter Threat Unit (CTU) analyzed the findings in a report published on Thursday, saying the infection chain for several of these attacks relied on a malicious Google Ad that sent users to a fake download page via a compromised WordPress site.
“As people look for new tech or want to get involved with the hype around new tech like ChatGPT, Google is the place to go to find it,” said Mike McLellan, intelligence director of Secureworks CTU. “Malicious ads returned in search results are incredibly hard to spot, even for someone with deep technical knowledge.”
One of the attacks observed by Secureworks relied on a legitimate Cisco AnyConnect VPN installer modified to contain the Bumblebee malware.