BazarBackdoor Campaigns in Attempts to Avoid Detection

BazarBackdoor Campaigns in Attempts to Avoid Detection

In two recent projects, threat actors using BazarBackdoor used an unusual combination of lures, tactics, and networks to target corporate customers. Threat perpetrators use the victims' own initiative to get through security barriers and reach a consensus in these initiatives. These methods may also be used to combat phishing awareness training. 

BazarBackdoor is a modern malware that has the potential to infect machines and run a variety of malicious programmes. It is thought to have been developed by the same people who created the TrickBot Trojan, a banking Trojan that infects Windows computers. This is due to the fact that BazarBackdoor shares coding and other characteristics with the TrickBot Trojan. 

Threat actors using the BazarBackdoor ransomware have been playing with roundabout ways to get consumers to self-infect, according to a blog post published this week by Cofense. A fake invoice was used in one campaign, with a reference to a malicious website but no direct link to it. Instead, the attackers hope that users can type or paste the URL into their browsers. A second campaign involved a phone number that, when dialed, connects the customer to a phony business official that would attempt to persuade them to access an attacker-controlled website. 

“The notable part about this is that we don’t usually see this sort of thing,” said Joseph Gallop, an intelligence analysis manager at Cofense, in an interview with SC Media. “Usually, threat actors try to make the path to compromise as simple as they can for the victim to follow.”

“There is an increase in fileless, linkless attacks that are engineered toward luring users to do something ..

Support the originator by clicking the read the rest link below.