An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems.
The attacks — dubbed “BazaCall” — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are sent email messages informing them of a forthcoming subscription charge unless they call a specific phone number.
Once a recipient calls the number, the unsuspecting victim is connected with an actual human operator at a fraudulent call center, who then walks them through downloading the BazaLoader malware.
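The lure described above has a recognizable shape: billing or subscription language, a phone number to call, and no URL or attachment for traditional mail filters to inspect. The following heuristic, an added example and not anything from the original article or from the researchers who reported the campaign, flags messages that combine all three traits. The sample messages and the keyword list are constructed for illustration; a real deployment would tune the terms and phone-number pattern to the mail it sees.

```python
import re

# Constructed sample messages (not real BazaCall lures) used to exercise the heuristic.
SAMPLE_EMAILS = [
    {
        "subject": "Your premium subscription trial is ending",
        "body": (
            "Your 30-day trial will convert to a paid subscription and your card "
            "will be charged $89.99. To cancel, call our support line at "
            "+1 (555) 010-0199 within 24 hours."
        ),
        "has_attachment": False,
    },
    {
        "subject": "Invoice for March",
        "body": "Your invoice is attached. You can also view it at https://example.com/invoice/123",
        "has_attachment": True,
    },
    {
        "subject": "lunch?",
        "body": "Give me a call at 555-010-0123 if you're free Thursday.",
        "has_attachment": False,
    },
]

# Loose North-American style phone pattern; tune to the formats your users see.
PHONE_RE = re.compile(r"(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
CALL_RE = re.compile(r"\b(call|phone|dial)\b", re.IGNORECASE)
# Billing vocabulary typical of callback-phishing pretexts (assumed list).
BILLING_TERMS = ("subscription", "trial", "renew", "charged", "billed", "invoice", "cancel")


def lure_indicators(subject: str, body: str, has_attachment: bool = False) -> list[str]:
    """Return the list of callback-phishing traits present in a message."""
    text = f"{subject}\n{body}".lower()
    reasons = []
    if PHONE_RE.search(text):
        reasons.append("phone_number")
    if any(term in text for term in BILLING_TERMS):
        reasons.append("billing_language")
    if CALL_RE.search(text):
        reasons.append("call_to_action")
    if not URL_RE.search(text) and not has_attachment:
        reasons.append("no_link_or_attachment")
    return reasons


def is_callback_lure(subject: str, body: str, has_attachment: bool = False) -> bool:
    """Flag only when a phone number, billing pretext and absence of any link/attachment coincide.

    Requiring all three keeps ordinary billing mail (which carries links or attachments)
    and ordinary personal mail (which carries phone numbers but no billing pretext) unflagged.
    """
    reasons = set(lure_indicators(subject, body, has_attachment))
    return {"phone_number", "billing_language", "no_link_or_attachment"} <= reasons


def triage(emails: list[dict]) -> list[bool]:
    """Apply the heuristic to a batch of messages, preserving order."""
    return [is_callback_lure(m["subject"], m["body"], m.get("has_attachment", False)) for m in emails]


if __name__ == "__main__":
    for msg, flagged in zip(SAMPLE_EMAILS, triage(SAMPLE_EMAILS)):
        reasons = lure_indicators(msg["subject"], msg["body"], msg.get("has_attachment", False))
        print(f"{'LURE ' if flagged else 'clean'}  {msg['subject']!r}  indicators={reasons}")
```

The heuristic is deliberately conservative: the phone number alone is not a signal (the third sample shows why), and a message that carries a link or attachment is left to the existing URL and attachment scanners rather than double-counted here.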
BazaLoader (aka BazarBackdoor) is a C++-based downloader that can install various types of malicious programs on infected computers, including ransomware and malware that steals sensitive data from victimized systems. First observed in April 2020, BazaLoader has been used in campaigns by multiple threat actors and frequently serves as a loader for disruptive malware such as the Ryuk and Conti ransomware.