Microsoft is warning of malware spread via call centers


In brief: Criminals use a variety of methods to distribute malware, including, in some cases, call centers. Microsoft cybersecurity researchers have warned of a group using the technique to spread the BazarLoader malware loader.

A post by Palo Alto Networks’ Brad Duncan (via ZDNet) explains that BazarLoader provides backdoor access to an infected Windows host. Once it is downloaded, criminals use the backdoor to send follow-up malware, such as ransomware, scan the environment, and exploit other vulnerable hosts on the network.

Those behind BazarLoader use a variety of distribution methods. In February this year, researchers began reporting a call center-based technique, dubbed BazarCall, which takes advantage of the less tech-savvy.

The process begins with a victim receiving an email claiming a trial subscription they signed up for has expired and their credit card will be automatically charged unless they ring the included call center number to cancel the sub.

Anyone who does call the number will be directed to a fake company website and told to download an Excel file. The call center operator then instructs the victim to enable macros on the file, allowing the machine to be infected with BazarLoader, at which point the target is informed they have been unsubscribed.

Microsoft Security Intelligence tweeted that it is tracking the BazarCall malware campaign and is warning people to be cautious. It also says it has observed the attackers using Cobalt Strike penetration testing kits to steal credentials, including the Active Directory (AD) database, and exfiltrate data using rclone.

“The lack of malicious elements in the emails can be a challenge for detection. Microsoft 365 Defender’s cross-domain visibility allows endpoint signals to inform Microsoft Defender for Office 365 protections against the emails, ensuring comprehensive defense against this attack,” explains Microsoft’s security team.

Microsoft has created a GitHub page that offers more insight into BazarCall that’s being updated as it continues tracking the malware.
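Because the emails carry nothing malicious, detection has to rely on endpoint behaviour. The sketch below is an added example, not code from Microsoft or from the article: it scans process-creation events for two behaviours described above, Excel starting another program after macros are enabled, and an rclone-style transfer even when the binary has been renamed. The event fields, host names, file names and the allow-list are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (Sysmon Event ID 1 style fields); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": r'EXCEL.EXE "C:\Users\amy\Downloads\subscription_cancel.xlsb"'},
    {"host": "WS-01",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"host": "FS-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\ProgramData\backup_tool.exe",  # hypothetical renamed rclone binary
     "cmdline": r"backup_tool.exe copy \\FS-02\finance remote01:bucket --config c.conf"},
    {"host": "WS-07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
]

OFFICE_PARENTS = {"excel.exe"}
# Children Excel may legitimately start; this short allow-list is an assumption to tune.
ALLOWED_CHILDREN = {"excel.exe", "splwow64.exe"}
# rclone transfer verb followed later by a "remote:path" argument. The remote name
# must be two or more characters so drive letters such as C: do not match.
RCLONE_SHAPE = re.compile(r"\s(copy|sync|move)\s.*?\s[A-Za-z0-9_-]{2,}:\S*", re.I)


def analyse(events):
    """Return (host, rule, child_process) tuples for events that match a rule."""
    findings = []
    for ev in events:
        child = PureWindowsPath(ev["image"]).name.lower()
        parent = PureWindowsPath(ev["parent"]).name.lower()
        # Rule 1: a spreadsheet process launching anything outside the allow-list.
        if parent in OFFICE_PARENTS and child not in ALLOWED_CHILDREN:
            findings.append((ev["host"], "office_spawned_process", child))
        # Rule 2: rclone by name, or by command-line shape when the file is renamed.
        if child == "rclone.exe" or RCLONE_SHAPE.search(ev["cmdline"]):
            findings.append((ev["host"], "rclone_style_transfer", child))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(finding)
```

The command-line rule will also fire on legitimate backup jobs that use rclone, so findings are best reviewed alongside the host's role and the destination remote.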
