Intel Name: Bumblebee malware
Date of Scan: June 10, 2025
Impact: Medium
Summary: Our team observed the reappearance of Bumblebee malware in the cybercriminal landscape on February 8, 2024, following a four-month absence. Bumblebee is a sophisticated downloader favored by various cybercriminal actors since its initial emergence in March 2022, remaining active until October 2023. In the February 2024 campaign, we detected thousands of phishing emails targeting U.S.-based organizations. These messages, sent from “info@quarlesaa[.]com” with the subject line “Voicemail February,” included OneDrive URLs that linked to malicious Word documents named in a format such as “ReleaseEvans#96.docm” (with varying digits). The documents were crafted to impersonate the consumer electronics company Humane.