Table of Contents
BazaLoader malware are now using by hackers – traditional social engineering techniques that rely on rogue URLs and malware-document. A method in which messages are sent to a targeted user claiming that your subscription will be expired unless calling a specific phone number.
Recipients are tricked into calling the number and they used call center operators to guide victims into installing BazaLoader malware.
Also known as BazarBack door, a C++-based downloader that can install different types of malicious programs on an infected computer as deploying Ransomware and other Malware that steal sensitive data from the victim’s PC.
The first attack was observed in April 2020 BazaLoader is used by multiple hackers and served as a Loader for disruptive Malware such as Ryuk and Conti Ransomware.
In a report published by Microsoft 365, Defender Threat Intelligence Team said, “Attacks arising from the BazaLoader malware threat can move networks quickly, trigger widespread data theft and credential theft, and deploy Ransomware within 48 hours of the first breach.”
Since Malware is not distributed via links or documentation within the body of the message itself, the bait adds difficulty that allows an attacker to evade phishing and malware detection software.
This campaign is part of a large trend for criminals working with BazaLoader to use the call center operator (operators believe English is not their native language) as part of a complex attack chain.
Earlier this May, Palo Alto Networks and Proofpoint launched a sophisticated infection mechanism that leveraged fake e-books and movie streaming subscription services related to websites as stepping stones and delivered crafted Excel spreadsheets containing the BazaLoader malware revealed.
There is no difference in that the latest attack call center agent released by Microsoft acts as a conduit and tells the caller to go to the recipe website (“top cooks  us”) to cancel a trial subscription that doesn’t exist. “
Using other human factors in the BazaLoader malware attack chain by hands-on keyboard control above makes this threat more hedging than traditional automated malware attacks,” the researchers said.
“The Baza Call centre campaign highlights the importance of cross-domain optics and its ability to interconnect events to build comprehensive defenses against the complex threat.”
Did you find this article interesting? Follow us on Facebook, Twitter, LinkedIn.