The BazaLoader infection chain includes a live call center and "customer service" from criminals, researchers report.
The criminals behind a recent malware campaign are using an elaborate infection chain that includes creation of a fake movie streaming website.
Proofpoint researchers report the attackers associated with BazaLoader malware have created a convincing fake site for a service called BravoMovies, which goes so far as to display fake movie titles on the landing page.
The malware campaign sends emails that contain phone numbers and references to BravoMovies. The messages warn recipients their credit card will be charged unless they cancel their subscription to the service. If the target calls the phone number provided in the email, a customer service representative will verbally guide the user to the company's alleged website.
"The website is a convincing representation of a movie and television streaming service," researchers said in a blog post. "The threat actors used fake movie posters obtained from various open-source resources including an advertising agency, the creative social network Behance, and the book 'How to Steal a Dog.'"
This campaign is part of a broader trend researchers have observed in which BazaLoader-affiliated criminals use call centers as part of an intricate attack chain.
Proofpoint thinks there is a likely overlap between the distribution and post-exploitation activity of BazaLoader and threat actors behind The Trick malware, also known as Trickbot.
The details from Proofpoint can be found here.