Financial organizations in French-speaking African countries are being subjected to attacks by the Bluebottle cybercrime operation, which has been leveraging living-off-the-land attacks and generic malware, reports SiliconAngle. Bluebottle, which has been linked with the OPERA1ER group may have used spear-phishing as an attack vector, with malicious French-language, job-themed files likely to be used as lures in its attacks, a report from Symantec revealed. Bluebottle was also likely to have mounted its job-themed malware as CD-ROMs, with the malware including the shellcode-based downloader GuLoader, which facilitates decoy binaries prior to the deployment of another NSIS script for obfuscated shellcode injection. The report noted that persistence and credential theft may be the goal of Bluebottle with its operations. "The effectiveness of its campaigns means that Bluebottle is unlikely to stop this activity. It appears to be very focused on Francophone countries in Africa, so financial institutions in these countries should remain on high alert," said researchers.