Malware
Apr 1, 2026
As usual, @smica83 uploaded a related sample to Bazaar: https://t.co/jt9HqNOAtA Active source u...
Malware sample disguised as BlueBeam Revu installer uploaded to Bazaar.
Summary
A malicious executable masquerading as BlueBeam Revu 0295 was discovered hosted on a Backblaze S3 bucket and uploaded to the Bazaar malware repository. The malware is signed with a certificate issued to 'Xiamen Yufeng Tiantai Network Co., Ltd.' by Sectigo, suggesting a supply-chain or certificate abuse vector.
Indicators of Compromise
- url: https://nebraskatigers.s3.us-east-005.backblazeb2.com/bluebeam/BlueBeam_Revu_0295-latest-x64.exe
- domain: backblazeb2.com
- malware: BlueBeam_Revu_0295-latest-x64.exe (trojanized)