BazaLoader Malware Found in 'Fraudulent' Call Centers: Ransomware Deceives Victims Into Accessing Suspicious Links

Cybersecurity experts have spotted the BazaLoader malware, also known as BazarBackdoor, infiltrating the systems of victims who downloaded the suspicious software.

The ransomware attack has been operating inside fraudulent call centers.

The cybercriminals use malicious links and files that carry the malware. When the victim downloads them, the ransomware is immediately installed on the system.

BazaCall Attacks Hit Victims

Ordinary-looking call centers can now be potential outlets of ransomware, according to the latest report by The Hacker News. The hackers behind the scheme rely on BazaCall, a method that involves sending email messages to victims through a subscription link.

A recipient who is unaware of the malware could likely install BazaLoader without noticing.

Once the recipient follows the instructions and downloads the software, the infection begins to spread into the victim's system.

What is BazaLoader

BazaLoader can damage computers by allowing the installation of suspicious programs. The malware thrives in a C++ environment and can steal important details from the user, such as email addresses, passwords, bank account information, and more.

The ransomware can be compared to the earlier Conti ransomware, which depends on many threat actors who aid the spread of the malware. It was first discovered in April last year.

"Attacks emanating from the BazaCall threat could move quickly within a network, conduct extensive data exfiltration and credential theft, and distribute ransomware within 48 hours of the initial compromise," Microsoft wrote in its BazaCall security report on Thursday, July 29.

BazaLoader is prominently launched through call centers.

According to The Hacker News, the known operators behind the attacks are non-native English speakers.

Beware of BazaLoader-Infected E-books and Subscriptions

E-book fans may have to think twice about the websites they visit when downloading files. A case back in May involved BravoMovies subscriptions and fake e-books.

The websites offering them might serve as a makeshift outlet for BazaLoader malware, delivered through an Excel spreadsheet.

Microsoft said that the attackers' modus operandi begins with a call from a call center representative. The hackers then convince the victim to click the suspicious link on the website. They also ask whether the user will push through with the trial subscription.

According to the researchers, the BazaCall campaigns show how important cross-domain optics are, as well as how they can help correlate a case that involves the threat actors.

Microsoft was able to recognize the threat actor behind the SolarWinds attack, but not exactly the true identity of the criminals. They suspected that the hackers came from China. They were also carrying out operations in the United States.

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.