Hackers in today’s date are utilizing the means of conventional methods, as now they are using a telephone call as a brand new technique to infect their victim’s devices. Since the time of January, security researchers have been observing a malware distribution campaign titled the “BazarCall”.
This latest malware was discovered being scattered by the call centers in late January, as the threat actors originally used it to install the BazarLoader malware. While other malware is now being circulated, experts continue to classify the distribution campaign as BazarCall.
Randy Pargman, Vice President of Threat Hunting & Counterintelligence at Binary Defense, stated that individual customer ID is a core element of the attack and is utilized by the call center to decide if the caller is a targeted victim.
“They will be able to identify the company that got that email when you give them a valid customer number on the phone. But if you give them a wrong number, they will just tell you that they canceled your order and it’s all good without sending you to the website,” Pargman explained.
Furthermore, these cyberattacks follow an uncomplicated yet very efficient pattern. It is all initiated with the BazarLoader gang sending out email spam campaigns to chosen victims. To obtain the targeted victim’s attention, the emails normally use decoys associated with offers, free trials, or subscriptions to medical, IT, or other financial services. The emails further include directions for recipients to call a phone number for additional specifications about their offer.
If users call the supposed number, they are connected to a call center where an English-speaking operator leads the victim through downloading an Office file, incapacitating Office security features, and enabling the document, mostly, an Excel or Word file, to run automated scripts termed “macros,” which when executed infects the target’s device with malware.
Source: The Record
Image source: KratiKal