{"id":7394,"date":"2021-06-24T09:05:05","date_gmt":"2021-06-24T13:05:05","guid":{"rendered":"https:\/\/www.technewsday.com\/?p=7394"},"modified":"2021-07-23T14:05:49","modified_gmt":"2021-07-23T18:05:49","slug":"attackers-are-using-call-centers-to-hack-victims-files","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/attackers-are-using-call-centers-to-hack-victims-files\/","title":{"rendered":"Attackers Are Using Call Centers To Hack Victims&#8217; Files"},"content":{"rendered":"\n<p>Microsoft&#8217;s cybersecurity researchers are now warning users about BazarCall, a criminal group that uses call centers to infect PCs with malware called BazarLoader &#8211; a malware loader used to spread ransomware.<\/p>\n\n\n\n<p>Brad Duncan of Palo Alto Networks recently detailed the group&#8217;s plans.<\/p>\n\n\n\n<p>As he describes, the malware provides backdoor access to an infected Windows device.<\/p>\n\n\n\n<p>After a computer is infected, criminals use this backdoor access to send follow-up malware, scan the environment, and exploit other vulnerable machines on the network.<\/p>\n\n\n\n<p>The attack starts with phishing emails reminding the victim that a trial subscription has expired and that they will automatically be charged a monthly fee unless they call to cancel.<\/p>\n\n\n\n<p>When recipients call the number, they reach a fraudulent call center run by the attackers, who advise them to visit a website and download an Excel file to cancel the service.<\/p>\n\n\n\n<p>The group&#8217;s activities are now on the radar of Microsoft&#8217;s Security Intelligence Team.<\/p>\n\n\n\n<p>Microsoft has released a GitHub page to share details about the BazarCall campaign, and the tech giant is also updating details about phishing emails, the use of Cobalt Strike for lateral movement, malicious Excel macros, Excel delivery techniques, and the use of Windows NT Directory Services, or NTDS, to steal Active Directory (AD) files.<\/p>\n\n\n<p>For more information, read the <a 
href=\"https:\/\/www.zdnet.com\/article\/microsoft-warns-now-attackers-are-using-a-call-centre-to-trick-you-into-downloading-ransomware\/\" target=\"_blank\" rel=\"noopener\">original story<\/a> in ZDNet.<\/p>","protected":false},"excerpt":{"rendered":"<p>Microsoft warns users about BazarCall, a criminal group that uses call centers to infect PCs with malware called BazarLoader.<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[16],"tags":[],"class_list":["post-7394","post","type-post","status-publish","format-standard","hentry","category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/7394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=7394"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/7394\/revisions"}],"predecessor-version":[{"id":7433,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/7394\/revisions\/7433"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=7394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=7394"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=7394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}