The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain. Join experts from Digital Shadows (Austin Merritt), Malwarebytes (Adam Kujawa) and Sift (Kevin Lee) to find out how cybercrime forums really work. FREE! Register by clicking above. The BazarLoader downloader, written in C++, has the primary function of downloading and executing additional modules. BazarLoader was first observed in the wild last April – and since then researchers have observed at least six variants, “signaling active and continued development.” It’s been recently seen being used as a staging malware for ransomware, particularly Ryuk. “With a focus on targets in large enterprises, BazarLoader could potentially be used to mount a subsequent ransomware attack,” according to an advisory from Sophos, issued on Thursday. Cyberattackers Abuse Slack and BaseCamp According to researchers at Sophos, in the first campaign spotted, adversaries are targeting employees of large organizations with emails that purport to offer important information related to contracts, customer service, invoices or payroll. “One spam sample even attempted to disguise itself as a notification that the employee had been laid off from their job,” according to Sophos. The links inside the emails are hosted on Slack…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-04-16 16:27:002021-04-16 16:27:00BazarLoader Malware Abuses Slack, BaseCamp Clouds
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com