BazarLoader Malware Abuses Slack, BaseCamp Clouds
2021-04-16 20:27

The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, using email messages that contain links to malware payloads, researchers said.

It has recently been seen in use as staging malware for ransomware, particularly Ryuk.

TrickBot is another first-stage loader malware often used in ransomware campaigns.

"From what we could tell, the malware binaries running in the lab network bear no resemblance to TrickBot," according to the posting.

In any event, BazarLoader appears to be in an early stage of development and isn't as sophisticated as more mature families like TrickBot, researchers added.

"While early versions of the malware were not obfuscated, more recent samples appear to encrypt the strings that might reveal the malware's intended use," they said.


News URL

https://threatpost.com/bazarloader-malware-slack-basecamp/165455/