Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers
2021-08-02 00:21

An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems.

The attacks - dubbed "BazaCall" - eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are sent email messages informing them of a forthcoming subscription charge unless they call a specific phone number.

Recipients who are tricked into calling the number are connected with an actual human operator at a fraudulent call center, who then provides them with instructions to download the BazaLoader malware.

BazaLoader is a C++-based downloader that can install various types of malicious programs on infected computers, including ransomware and other malware that steals sensitive data from victimized systems.

"Attacks emanating from the BazaCall threat could move quickly within a network, conduct extensive data exfiltration and credential theft, and distribute ransomware within 48 hours of the initial compromise," the Microsoft 365 Defender Threat Intelligence Team said in a report published Thursday.

The latest attack disclosed by Microsoft is no different in that the call center agent serves as a conduit, urging the caller to navigate to a recipe website in order to cancel the non-existent trial subscription.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/jww8Fnn5Ppc/phony-call-centers-tricking-users-into.html