New BazaFlix attack pushes BazarLoader malware via fake movie site
Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang.
BazarCall is a new phishing method, in use since the beginning of the year, that relies on call centers to direct users to download malware-laced documents.
Users who follow the instructions to unsubscribe from the BravosMovies streaming service end up downloading a malicious Excel document with macros that install the BazarLoader malware.
Although the malware is used to download and execute other malicious files, the researchers said that they did not observe a second-stage payload for this campaign.
The BazaCall malware delivery method started being used in late January and continued through the end of March.
While both BazarLoader and TrickBot are believed to have been created by the same group, the call centers may be operated by a different gang, who are renting them for malware distribution.