A new type of JavaScript dropper called PindOS has been observed delivering next-stage payloads like Bumblebee and Icedid.
This new malware is a replacement for another loader called BazarLoader.
Deep Instinct is tracking the malware as Pindos, which contains the name in its User-Agent string.
Both BumbleBee and Iedid serve as loaders, acting as a vector for other malware on compromised hosts, including ransomware.
The company’s experts do not know if this new strain of Javascript dropper is permanently adopted by the actors behind it remains to be seen, the researchers concluded.
About two weeks ago, Malwarebytes reported discovering a similar family of JavaScript loaders called BazaarLoader.
These loaders were originally developed by the defunct TrickBot and Conti groups.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply