Bumblebee malware returns in new attacks abusing WebDAV folders
The Bumblebee malware loader has returned with new distribution techniques. Researchers at Intel471 report that it now abuses the 4shared platform to distribute the loader, evade blocklists, and perform post-infection actions. It also uses the WebDAV protocol to bypass detection systems and streamline distribution. In another worrying development, the malware has switched from the WebSocket protocol to TCP for server communications, making it more elusive and harder to block.