Attackers who infiltrate systems through telephone call centers reached via fake phone numbers can trick victims into downloading malicious code, leading to ransomware deployment that affects the system and steals private information.
How is it done?
In these “BazaCall” attacks, rather than relying on rogue URLs and malware-laced documents, targeted users receive emails notifying them of an upcoming subscription charge that will go ahead unless they call a specific phone number about the charge.
A phone number is placed in the phishing email so that the recipient is pushed to call it. The caller is then connected to a fake call center operator, who walks them through downloading the BazaLoader malware.
Besides deploying ransomware and other malware on infected systems, BazarLoader (also written BazaLoader, aka BazarBackdoor) acts as a downloader that installs various types of malicious programs on infected computers. First observed in April 2020, BazaLoader has been used by numerous threat actors, typically serving as the loader for disruptive malware such as Ryuk or Conti ransomware.
Microsoft’s Statement on the Issue
“Attacks emanating from the BazaCall threat could move quickly within a network, conduct extensive data exfiltration and credential theft, and distribute ransomware within 48 hours of the initial compromise,” the Microsoft 365 Defender Threat Intelligence Team said in a Thursday report.
Because the email carries no links or attachments in the body of the message, these lures are harder for security software to detect. BazaLoader-affiliated criminals have been using call centers, and the operators of those centers, as part of their criminal activities.
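Because the lure contains nothing a URL or attachment scanner can inspect, a complementary check has to look at the shape of the message itself: a phone number as the only call to action, billing or subscription wording, and pressure to act. The following is an added example written for this article, not code from Microsoft, Palo Alto Networks or Proofpoint; the sample messages, the keyword lists, the scoring weights and the threshold are all constructed here and would need tuning against real mail flow before use.

```python
import re

# Constructed sample messages (not taken from the article) in the shape a
# mail-filter hook might receive: subject, plain-text body, attachment names.
SAMPLE_MESSAGES = {
    "callback_lure": {
        "subject": "Your free trial ends today",
        "body": (
            "Thank you for trying our premium plan. Your card will be charged "
            "$89.99 unless you cancel. To cancel, call our billing line at "
            "(800) 555-0142 before midnight."
        ),
        "attachments": [],
    },
    "shipping_notice": {
        "subject": "Your order has shipped",
        "body": "Track your package at https://example.com/track/123. "
                "Reply to this email with questions.",
        "attachments": [],
    },
    "vendor_invoice": {
        "subject": "Invoice #4471 attached",
        "body": (
            "Please find your monthly invoice attached. For billing questions "
            "call (800) 555-0199 or visit https://example.com/billing."
        ),
        "attachments": ["invoice_4471.pdf"],
    },
}

# North American style numbers with optional punctuation; extend per region.
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
# Assumed keyword lists; a real deployment would derive these from observed lures.
BILLING_TERMS = ("subscription", "trial", "charge", "invoice", "billing", "renew")
URGENCY_TERMS = ("cancel", "unless", "today", "before midnight",
                 "within 24 hours", "immediately")
FLAG_THRESHOLD = 5  # assumed cut-off for the constructed weights below


def score_callback_lure(msg):
    """Score one message for the 'call this number' lure shape.

    Returns a dict with the score, whether it crosses the threshold, the
    phone numbers found and the reasons that contributed to the score.
    """
    text = f"{msg['subject']} {msg['body']}"
    lower = text.lower()
    phones = PHONE_RE.findall(text)
    reasons = []
    score = 0

    # No phone number means no callback lure; stop early.
    if not phones:
        return {"score": 0, "flagged": False, "phones": [], "reasons": []}
    score += 2
    reasons.append("phone number in body")

    # The BazaCall hallmark: the phone number is the only call to action,
    # with no URL or attachment for link/attachment scanners to inspect.
    if not URL_RE.search(text) and not msg["attachments"]:
        score += 2
        reasons.append("no URL or attachment")

    if any(t in lower for t in BILLING_TERMS):
        score += 1
        reasons.append("billing/subscription wording")
    if any(t in lower for t in URGENCY_TERMS):
        score += 1
        reasons.append("urgency/cancellation wording")

    return {"score": score, "flagged": score >= FLAG_THRESHOLD,
            "phones": phones, "reasons": reasons}


def scan(messages=SAMPLE_MESSAGES):
    """Return {name: result} for every message in the batch."""
    return {name: score_callback_lure(m) for name, m in messages.items()}


if __name__ == "__main__":
    for name, result in scan().items():
        print(f"{name:16} score={result['score']} "
              f"flagged={result['flagged']} {result['reasons']}")
```

The vendor invoice sample scores on the phone number and billing wording but stays below the threshold because it also carries a link and an attachment, which is the point of the "no URL or attachment" weight: the heuristic targets the link-less shape of the lure rather than phone numbers in general. A flagged message is a candidate for quarantine or for a warning banner, and the extracted phone numbers can be compared against numbers already seen in confirmed lures.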
Palo Alto Networks and Proofpoint
Palo Alto Networks and Proofpoint documented earlier in May how attackers delivered rigged Excel spreadsheets containing the BazaLoader malware via websites posing as fake ebook (World Books) and movie streaming subscription services (BravoMovies).
The attack described by Microsoft is similar to those previously disclosed: a call center agent acts as an intermediary, directing the caller to a recipe website (“topcooks[.]us”) to cancel a non-existent trial subscription.
Beyond the hands-on-keyboard control mentioned above, BazaCall relies on a further human element, which makes it a more dangerous and evasive threat than traditional, automated malware attacks, the researchers said.
The BazaCall campaigns demonstrate the importance of cross-domain visibility and the ability to correlate events in order to build a comprehensive defense against complex threats.