Malware uses underground call centers to trick users into infecting themselves
Microsoft Security Intelligence, a team of information security specialists, has warned users about the ongoing malicious BazaCall campaign, whose operators are trying to install ransomware on victim systems.
As part of the BazaCall campaign, criminals send out emails asking recipients to call a specified number to cancel an alleged subscription to a service. By calling the number, users actually reach a fraudulent call centre run by the attackers. The perpetrators recommend that victims visit a specific website and download a Microsoft Excel file to complete the procedure. The file, in turn, contains a malicious macro that downloads malware.
We're tracking an active BazaCall malware campaign leading to human-operated attacks and ransomware deployment. BazaCall campaigns use emails that lure recipients to call a number to cancel their supposed subscription to a certain service. pic.twitter.com/RS5wGSndhv
— Microsoft Security Intelligence (@MsftSecIntel) June 22, 2021
According to experts, attackers use Cobalt Strike beacons and steal credentials, including the Active Directory database, using the open-source software rclone.
The experts noted that the phone numbers in the cybercriminals’ emails change “at least daily,” and sometimes more than two numbers appear in a single day.