BazaCall Malware Targets Windows Users

2021-07-01 by Grace Choi

Microsoft Reports Human-Operated Attacks

Microsoft reported an active BazaCall malware campaign in a Twitter post last Tuesday. According to Microsoft, the attackers send fraudulent emails that trick targets into phoning a call center, where a live operator talks them into downloading a malicious file. The tactic has proven effective at getting payloads onto victims' devices.

BazaCall and BazaLoader

BazaCall takes its name from BazaLoader, the malware that was originally distributed through the campaign.

BazaLoader is linked to the NimzaLoader backdoor, which is built on the same Nim programming language. Both malware families have been deployed by the TA800 threat actor group.

According to Microsoft, the attack begins with an email regarding a subscription renewal:

[Image: the subscription-renewal lure email. Source: @MsftSecIntel on Twitter]

The email tells the victim that they signed up for a free trial that ends in 24 hours. It claims that their payment information has already been collected and that they will be charged automatically when the trial period ends. Recipients are told to call a customer service number for assistance.

Once the victim calls the customer service line, a human operator instructs them to visit a website and download an Excel file that will supposedly cancel the subscription. The file contains a malicious macro that downloads the payload onto the victim's computer.

[Image: the attack chain as described by Microsoft. Source: @MsftSecIntel]

The attackers used Cobalt Strike, a penetration-testing tool, to steal credentials. Cobalt Strike is intended for companies testing their own systems for breach risks and security vulnerabilities, but it is frequently found in the hands of cybercriminals, who use it to move through compromised networks.

Another program used by the attackers is Rclone, an open-source tool for managing and migrating content in cloud storage. In this campaign, Rclone was used to exfiltrate data from victim computers.

This method of delivering a payload has proven to be a challenge for Microsoft. Because the initial email contains no malicious content (no attachment and no link to malware), it is difficult for security teams to detect. The attackers instead rely on victims contacting the call center themselves, where they are instructed to download the malware.
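
Because the lure email carries nothing that mail filters can flag, detection has to move to the endpoint, where the chain described above leaves two distinctive traces: an Office process launching a shell or script host (the macro doing its work), and Rclone being invoked to push files to a cloud remote. The following Python is an added example written for this article, not Microsoft's or the site's code. It runs those two rules over a handful of constructed process-creation events; the event field names, hostnames, paths and the hypothetical `mega:` remote are all assumptions, not indicators from the campaign.

```python
import re

# Office applications that have no business launching shells or script hosts.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# rclone subcommands that move data; an rclone remote is written "name:path".
RCLONE_TRANSFER = {"copy", "sync", "move", "copyto", "moveto"}
# A Windows drive is a single letter before the colon, so require two or more
# characters to tell "mega:archive" apart from "C:\Users". Single-letter remote
# names would slip past this heuristic.
REMOTE_RE = re.compile(r"^[A-Za-z0-9_-]{2,}:")


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyze_event(ev):
    """Apply both rules to one process-creation event; return a list of alerts."""
    alerts = []
    parent = basename(ev.get("parent_image", ""))
    image = basename(ev.get("image", ""))
    cmdline = ev.get("cmdline", "")

    # Rule 1: Excel/Word/PowerPoint spawning a shell or script host is the
    # classic footprint of a malicious macro.
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        alerts.append({"rule": "office_spawns_script_host", "host": ev["host"],
                       "ts": ev["ts"], "detail": f"{parent} -> {image}: {cmdline}"})

    # Rule 2: rclone moving data to a cloud remote. "rclone ls" or "rclone
    # version" alone does not fire; a transfer verb plus a remote does.
    if image == "rclone.exe":
        args = cmdline.split()[1:]
        remotes = [a for a in args if REMOTE_RE.match(a)]
        if RCLONE_TRANSFER & set(args) and remotes:
            alerts.append({"rule": "rclone_cloud_transfer", "host": ev["host"],
                           "ts": ev["ts"], "detail": f"data sent to remote {remotes[0]}"})
    return alerts


def scan(events):
    """Run analyze_event over a sequence of events and flatten the alerts."""
    return [alert for ev in events for alert in analyze_event(ev)]


# Constructed sample telemetry (hypothetical host, user and paths).
SAMPLE_EVENTS = [
    {"ts": "2021-06-29T14:02:11Z", "host": "WS-017",
     "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
     "cmdline": "\"EXCEL.EXE\" C:\\Users\\jdoe\\Downloads\\cancel_subscription.xlsm"},
    {"ts": "2021-06-29T14:02:40Z", "host": "WS-017",
     "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c C:\\Users\\Public\\update.bat"},
    {"ts": "2021-06-29T15:31:02Z", "host": "WS-017",
     "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Users\\Public\\rclone.exe",
     "cmdline": "rclone.exe copy C:\\Users\\jdoe\\Documents mega:archive --transfers 8"},
    {"ts": "2021-06-29T15:35:10Z", "host": "WS-017",
     "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Tools\\rclone.exe",
     "cmdline": "rclone.exe ls mega:archive"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["ts"], alert["host"], alert["rule"], "-", alert["detail"])
```

Run as-is, the script raises two alerts on the constructed data: one when Excel spawns `cmd.exe`, one when Rclone copies the Documents folder to the `mega:` remote. The first Excel launch and the bare `rclone ls` stay quiet, which is the point of requiring both a transfer verb and a remote before alerting.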

Identifying Phishing Emails

According to VMware's most recent security insights report, cyberattacks have grown more sophisticated and harder to prevent. While field experts work to counter cybercriminals, there are still things we can do to protect ourselves.

One of the most common approaches attackers take against individuals is the phishing email, used either to capture account credentials or to reach sensitive data. Phishing campaigns may target corporate officers to obtain privileged financial credentials, government entities to steal classified information, or ordinary individuals for quick profits.

We can avoid being taken in by a phishing email by pausing to examine the details of any suspicious message:

  • Check the sender's email address. Make sure the address really belongs to the company the sender claims to represent.
  • Scammers often add a sense of urgency to provoke fast action. If you receive an email claiming you will be charged for a subscription you never signed up for, examine the sender's address before interacting with the email or calling anyone. If you want to be certain, it is worth the time to call the real company's customer service line, or to look up any unfamiliar company that claims to have your payment information.
  • Watch for website spoofing by paying attention to URLs. A site's appearance can be copied, but the URL itself is unique to each site.
  • Do not open or download any attachments.
  • Carefully examine every electronic request for a payment or wire transfer.
  • Be suspicious of any email that demands immediate action.
  • Confirm requests for wire transfers or payments in person or over the phone.
  • Do not verify a request using the contact information listed in the email itself.
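
The checks above can be turned into a simple triage heuristic for a mail queue or a help-desk tool. The following Python is an added example, not code from this article or the site: it scores a plain-text message on a sender domain that does not match the brand named in the display name or subject, a Reply-To that points elsewhere, urgency and payment language, and a callback phone number standing in for a link. The brand-to-domain table, the hypothetical brand "Contoso", and both sample emails are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed table of brands and the domains they legitimately send from.
# A real deployment would load this allowlist from configuration.
KNOWN_BRAND_DOMAINS = {"contoso": {"contoso.com"}}
URGENCY = ("24 hours", "immediately", "expires today", "will be charged",
           "auto-charged", "automatically charged", "trial ends", "final notice")
PAYMENT = ("payment", "charged", "subscription", "invoice", "billing", "wire transfer")
# North American style number such as (555) 010-2345 or 555-010-2345.
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def assess(raw_email):
    """Return (verdict, reasons) for one plain-text RFC 822 message."""
    msg = message_from_string(raw_email)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    subject = msg.get("Subject", "")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{subject}\n{body}".lower()
    reasons = []

    # 1. The display name or subject invokes a known brand, but the sending
    #    domain is not one that brand uses (look-alike domains land here).
    claimed = f"{display_name} {subject}".lower()
    for brand, domains in KNOWN_BRAND_DOMAINS.items():
        if brand in claimed and not any(from_dom == d or from_dom.endswith("." + d)
                                        for d in domains):
            reasons.append(f"sender domain {from_dom!r} does not belong to claimed brand {brand!r}")

    # 2. Replies are quietly routed to a different domain.
    if reply_addr and domain_of(reply_addr) != from_dom:
        reasons.append("reply-to domain differs from sender domain")

    # 3 and 4. Pressure to act fast, and money on the line.
    urgent = any(phrase in text for phrase in URGENCY)
    money = any(phrase in text for phrase in PAYMENT)
    if urgent:
        reasons.append("urgency language")
    if money:
        reasons.append("payment or subscription language")

    # 5. The call to action is a phone number: the hallmark of a callback lure,
    #    which is why the page advises calling the real company instead.
    phones = PHONE_RE.findall(body)
    if phones and (urgent or money):
        reasons.append(f"asks the reader to call {phones[0]!r}")

    verdict = "suspicious" if len(reasons) >= 3 else "likely benign"
    return verdict, reasons


# Constructed sample messages (not real campaign emails).
LURE_EMAIL = "\n".join([
    "From: Contoso Billing <billing@contoso-support-center.net>",
    "Subject: Your free trial of Contoso Premium ends in 24 hours",
    "",
    "Thank you for trying Contoso Premium. Your trial ends in 24 hours and the",
    "payment method on file will be auto-charged $89.99 per month.",
    "To cancel, please call our customer service line at (555) 010-2345.",
])
BENIGN_EMAIL = "\n".join([
    "From: Contoso Billing <billing@contoso.com>",
    "Subject: Your March statement is ready",
    "",
    "Hi Jane, your March statement is available in your account.",
    "Sign in at https://contoso.com/account to view it.",
])

if __name__ == "__main__":
    for raw in (LURE_EMAIL, BENIGN_EMAIL):
        verdict, reasons = assess(raw)
        print(verdict, reasons)
```

The lure trips four of the five checks (brand mismatch, urgency, payment language, and a phone number as the only way to "cancel"), while the statement notice from the brand's own domain trips none. The threshold of three reasons is a starting point, not a tuned value; the check that matters most for this campaign is the last one, because a legitimate billing notice rarely needs you to phone anyone.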

For more information on how to avoid phishing scams, see: Avoid Email Phishing Scams
