BazarLoader Malware Operators Use Underground Call Centers to Trick Users into Infecting Themselves


The operators of the BazarLoader malware are working together with underground call centers to trick the victims of their spam campaigns into opening malicious Office documents and infecting themselves with malware.

While this is not the first time that cybercrime gangs have worked together with underground call centers, it is the first time that we see a major malware distributor, such as the BazarLoader gang, use this tactic on a large scale.


The attacks are so strange and different from anything else seen on the malware scene today that they have their own name and are usually referred to as BazarCall or BazaCall, because they rely on a phone call to finish the infection process.


How a BazarCall attack works


Currently, these attacks follow a simple yet very effective pattern. It all starts with the BazarLoader gang sending out email spam campaigns to selected victims.


To get the targets’ attention, the emails usually use lures related to offers, free trials, or subscriptions to medical, IT, or other financial services. The emails also contain instructions for recipients to call a phone number for additional details about their offer.


If users call the number, they are connected to a call center where an English-speaking operator guides the victim through downloading an Office file, disabling Office security features, and allowing the document, usually an Excel or Word file, to run automated scripts called “macros,” which download malware and infect the target’s computer.
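For mail triage, the pattern described above (an offer, free-trial or subscription lure combined with an instruction to phone a number) can be checked with a small heuristic. The following is an added example, not code from the article or from any vendor; the keyword lists, the 80-character context window, the North American phone format and the sample messages are all assumptions constructed for illustration.

```python
import re

# Lure themes named in the article: offers, free trials, subscriptions.
LURE = re.compile(r"\b(?:free trial|trial|subscription|offer)\b", re.I)
# Wording that tells the recipient to phone someone (assumed keyword list).
CALL = re.compile(r"\b(?:call|phone|dial)\b", re.I)
# Assumption: North American style numbers, optional leading country code 1.
PHONE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"
)
WINDOW = 80  # characters of context inspected around each phone number


def analyze(subject, body):
    """Flag a message that pairs a lure theme with a phone call-to-action.

    Callback numbers are normalized to 10 digits so that messages from the
    same campaign can be clustered or blocked by number.
    """
    text = f"{subject}\n{body}"
    numbers = set()
    for m in PHONE.finditer(text):
        ctx = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
        if CALL.search(ctx):
            digits = re.sub(r"\D", "", m.group())
            numbers.add(digits[-10:])  # drop a leading country code
    lure = bool(LURE.search(text))
    return {
        "lure": lure,
        "callback_numbers": sorted(numbers),
        "suspect": lure and bool(numbers),
    }


# Constructed sample messages (not real campaign data).
SAMPLES = [
    ("Your free trial is ending",
     "Your subscription to Example Medical Reminder will be charged $89.99. "
     "To cancel, call our support team at 1-555-010-0199."),
    ("Team lunch", "Call me at (555) 010-0142 when you arrive."),
    ("Subscription renewal receipt",
     "Manage your subscription at https://example.com/account. "
     "Invoice 20210412."),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(subject, "->", analyze(subject, body))
```

Only the first sample is flagged: the second has a callback number but no lure, and the third has a lure but no number to call.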


A recorded phone call to one of these call centers involved in the BazarCall scheme is also available below, courtesy of security researcher Brad Duncan.

