Security News > 2021 > May > BazaLoader Masquerades as Movie-Streaming Service

Proofpoint researchers said that they're confident that there's a "Strong overlap" between the distribution and post-exploitation activity of BazaLoader and the threat actors behind The Trick malware, also known as Trickbot.

This isn't the first time that Proofpoint has seen intricately composed BazaLoader email threat campaigns that have required a significant amount of human interaction - including phone-based customer service representatives - in order to trigger the malware download. Security researchers have dubbed the call-center or live-human method "BazarCall".

Sherrod DeGrippo, senior director of threat research and detection for Proofpoint, told Threatpost on Wednesday that for now, the BazaLoader threat actors are the most active when it comes to using call centers as part of an attack chain.

It's relatively new activity for the BazaLoader threat actors, DeGrippo continued: She described the method an emerging threat that's become more prevalent since January 2021.

Proofpoint is forecasting that the threat actors behind BazaLoader and Trickbot will keep using these carefully crafted techniques in the future.

"During the COVID-19 pandemic in 2020, subscriptions to online streaming services skyrocketed, surpassing one billion users globally last year. But according to recent 2021 data, consumers are using fewer services while churning through free subscriptions and cancelling when their trials run out. BazaLoader threat actors are taking advantage of this human behavior trend in the identified campaign."

News URL

https://threatpost.com/bazaloader-fake-movie-streaming-service/166489/