Fake DMCA and DDoS complaints lead to BazaLoader malware (Security News, August 2021)
Cybercriminals behind the BazaLoader malware came up with a new lure to trick website owners into opening malicious files: fake notifications about the site being engaged in distributed denial-of-service attacks.
The goal is the same though: use contact forms to deliver BazaLoader malware that often drops Cobalt Strike, which can lead to data theft or a ransomware attack.
The sender threatened legal action unless the recipients "Immediately clean" their website of the malicious files that supposedly helped carry out the DDoS attack.
We have strong evidence and belief that your site was hacked and your website files were modified, with the help of which the DDoS attack is currently taking place.
Proofpoint security researcher Matthew Mesa notes in a tweet that these messages are sent through the website's contact form and deliver the BazaLoader malware hosted on a Google site.
Malware analyst Brad Duncan examined the file and found it was a ZIP archive with JavaScript that fetches the BazaLoader DLL, a backdoor attributed to the TrickBot gang that typically leads to a ransomware infection.