'Enterprise-grade' BazarBackdoor malware delivered via spear phishing emails

Researchers have uncovered a new “enterprise-grade” backdoor malware program that they say shares code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks.


Dubbed BazarBackdoor, the malware has been distributed via spear phishing campaigns that leverage a variety of lure topics, including customer complaints, coronavirus-related payroll reports and employee termination lists, Panda Security has reported in a company blog post published this week.


Sent via the SendGrid marketing platform, the emails contain links to Word, Excel and PDF documents hosted on Google Docs. The recipient is led to believe the document can’t be viewed properly and is urged to download a copy instead. This results in infection.


“When the victim clicks on the link, an executable will be downloaded that uses an icon and a name associated with the kind of document that appears on the website,” the blog post explains. “For example, ‘COVID-19 ACH Payroll Report’ will download a document called PreviewReport.DOC.exe. Since Windows does not show file extensions by default, most us ..