Proofpoint cybersecurity experts: Groups from India, Russia and China exploit this technique. The files have a low detection rate by public antivirus engines.
Palo Alto Networks Unit 42: BazarLoader is now spread via fake call centers. This method has been dubbed “BazarCall” and exploits emails with a trial subscription-based theme.
BazarLoader is now spread via fake call centers, as discovered by Palo Alto Networks Unit 42 cybersecurity experts. The cybercrime actor behind it uses different methods to distribute this malware to potential victims. In early February 2021, researchers began reporting a call center-based method of spreading it. It exploits emails with a trial subscription-based theme that encourages potential victims to call a phone number. A call center operator then answers and directs victims to a website to unsubscribe from the service. Call center operators offer to personally guide victims through a process designed to infect vulnerable computers with the malicious code. This call center-based process has been dubbed the “BazarCall” method. BazarLoader (aka BazaLoader) provides backdoor access to an infected Windows host. After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network.
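The distinctive feature of the lure described above is that the email carries no link or attachment at all: the victim is steered to a phone number, so URL- and attachment-centric mail filters see nothing to block. The following added example (not code from Unit 42 or from the original article) is a small mail-triage heuristic a defender could run over inbound messages: it flags mail that combines subscription/billing vocabulary, an explicit request to call, and a phone number, while containing no URL. The sample messages, the keyword list and the scoring thresholds are constructed for illustration and are assumptions, not indicators from the report.

```python
import re
from dataclasses import dataclass, field

# Constructed sample messages (not taken from the report). The "lure" body mirrors
# the trial-subscription theme the digest describes: a charge is imminent and the
# only way out offered is to call a number.
SAMPLES = {
    "lure": (
        "Subject: Your free trial subscription ends today\n\n"
        "Thank you for trying our premium service. Your trial period expires today "
        "and your card will be charged $89.99 for the annual subscription. "
        "To cancel, call our support line at 1-800-555-0199."
    ),
    "benign_receipt": (
        "Subject: Your order has shipped\n\n"
        "Track your package at https://example.invalid/track/12345. "
        "Questions? Reply to this email."
    ),
}

# Assumed vocabulary of the billing/subscription theme; tune to your own mail corpus.
SUBSCRIPTION_TERMS = ("trial", "subscription", "renew", "charged", "cancel", "expire")

# North-American style numbers (the sample uses a 555 test number); extend for other regions.
PHONE_RE = re.compile(r"\b(?:\+?1[-. ]?)?(?:\(\d{3}\)|\d{3})[-. ]\d{3}[-. ]\d{4}\b")
URL_RE = re.compile(r"https?://", re.IGNORECASE)
CALL_VERB_RE = re.compile(r"\b(?:call|phone|dial)\b", re.IGNORECASE)


@dataclass
class LureScore:
    subscription_terms: int          # how many theme words appeared
    phone_numbers: list = field(default_factory=list)
    has_call_request: bool = False   # message asks the reader to call
    has_url: bool = False            # any http(s) link present

    @property
    def flagged(self) -> bool:
        # Assumed rule: billing theme + a number to call + no link at all.
        # The absence of a URL is the point: link-based filters have nothing to inspect.
        return (
            self.subscription_terms >= 2
            and bool(self.phone_numbers)
            and self.has_call_request
            and not self.has_url
        )


def score_message(text: str) -> LureScore:
    """Score one raw message body against the call-back lure heuristic."""
    lowered = text.lower()
    return LureScore(
        subscription_terms=sum(1 for term in SUBSCRIPTION_TERMS if term in lowered),
        phone_numbers=PHONE_RE.findall(text),
        has_call_request=bool(CALL_VERB_RE.search(text)),
        has_url=bool(URL_RE.search(text)),
    )


def triage(messages: dict) -> dict:
    """Return {message_id: flagged?} for a batch of messages."""
    return {msg_id: score_message(body).flagged for msg_id, body in messages.items()}


if __name__ == "__main__":
    for msg_id, verdict in triage(SAMPLES).items():
        print(f"{msg_id}: {'FLAG - call-back lure pattern' if verdict else 'ok'}")
```

Flagged messages are candidates for review, not automatic blocks; the useful follow-up is to pivot on the extracted phone numbers across the mail store, since the same number tends to recur across a campaign even when sender addresses and wording change.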