Heads up, Windows users! A new malware campaign ‘BazarCall’ is actively targeting Windows systems via phishing emails mimicking call centers. Users must not fall for any promotional, marketing, customer survey, or similar email unless they’re confident about the sender.
BazarCall Malware Targeting Windows
Security researchers have reportedly spotted a new malware campaign in the wild. The campaign targets Windows systems with a new malware, BazarLoader. Following this initial campaign, the recurrent BazarCall campaigns have also delivered other malware, including Trickbot, Gozi IFSB, IcedID, and more.
The BazarCall campaign targets Windows systems through a carefully targeted strategy. The attack begins with phishing emails that mimic messages from call centers.
These emails differ from the usual phishing emails in that they include no malicious links. Instead, they trick recipients into calling the given phone numbers, which supposedly belong to the call center.
The email asks the user to call in order to cancel a (fake) subscription to the sender's service; otherwise, the subscription would renew automatically for a certain amount. The email also mentions a unique user ID, which adds credibility.
When the victim calls the number, the support agent asks for the unique ID to verify a valid target. If the victim gives an ID unknown to the agent, the attack ends right there: the agent simply confirms the cancellation of the subscription on the call.
If the victim gives the unique ID from the email, the agent verifies the victim and directs them to a website where they can apply for cancellation. From the phishing site, the recipient downloads a contact form, an Excel file that actually embeds the malware.
Throughout, the support agent stays on the call to guide the victim. The agent even asks the victim to disable the antivirus on the device so that the contact form downloads successfully. This paves the way for the malware to download and execute on the target device.
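The lure described above has a recognisable shape: a phone number where a link would normally be, subscription-renewal wording, a "unique ID" the caller is expected to read back, an amount about to be charged, and a deadline. As an added illustration (not code from the original article or from the researchers it cites), the following Python script scores a message against those traits so a mail gateway or analyst can triage it. The sample messages are constructed, and the weights and cut-off are assumptions.

```python
import re
from dataclasses import dataclass, field

# Heuristics for the call-back ("BazarCall"-style) lure described in the article:
# a phone number to call instead of a link, subscription/renewal wording,
# a "unique ID" that the caller is expected to read back, an amount about to
# be charged, and a deadline. Weights and the threshold are assumptions.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://\S+|www\.\S+", re.IGNORECASE)
CUSTOMER_ID_RE = re.compile(
    r"\b(?:user|customer|subscriber|account)\s*(?:id|number|no\.?)\s*[:#]?\s*([A-Z0-9-]{6,})",
    re.IGNORECASE,
)
MONEY_RE = re.compile(r"[$€£]\s?\d+(?:[.,]\d{2})?")
SUBSCRIPTION_TERMS = ("subscription", "renew", "cancel", "trial", "membership", "charged")
URGENCY_TERMS = ("today", "within", "hours", "automatically", "immediately")
SUSPICIOUS_THRESHOLD = 6  # assumed cut-off for escalating to an analyst


@dataclass
class Verdict:
    score: int = 0
    indicators: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_THRESHOLD

    def add(self, weight: int, reason: str) -> None:
        self.score += weight
        self.indicators.append(reason)


def score_email(subject: str, body: str) -> Verdict:
    """Score one message; a higher score means it looks more like a call-back lure."""
    text = f"{subject}\n{body}"
    lower = text.lower()
    verdict = Verdict()

    phones = PHONE_RE.findall(text)
    urls = URL_RE.findall(text)
    if phones:
        verdict.add(2, f"phone number to call: {phones[0].strip()}")
    # The defining trait of this campaign: a number to call but no link at all.
    if phones and not urls:
        verdict.add(2, "call-to-action is a phone number and the mail carries no links")

    terms = [t for t in SUBSCRIPTION_TERMS if t in lower]
    if len(terms) >= 2:
        verdict.add(2, "subscription/renewal wording: " + ", ".join(terms))

    ids = CUSTOMER_ID_RE.findall(text)
    if ids:
        verdict.add(2, f"'unique ID' the caller is expected to read back: {ids[0]}")

    if MONEY_RE.search(text):
        verdict.add(1, "amount about to be charged")
    if any(t in lower for t in URGENCY_TERMS):
        verdict.add(1, "deadline / urgency wording")
    return verdict


# Constructed sample messages (not real campaign artefacts); 555 numbers are fictional.
SAMPLES = {
    "callback_lure": (
        "Your Premium Plan trial is ending",
        "Dear customer,\n"
        "Your free trial ends today and your subscription will renew automatically for $79.99.\n"
        "To cancel, call our support line at 1-800-555-0199 within 24 hours.\n"
        "Customer ID: XA-58213-P\n",
    ),
    "newsletter": (
        "Weekly product newsletter",
        "Hi,\nHere are this week's highlights: https://example.com/blog/highlights\n"
        "Unsubscribe: https://example.com/unsubscribe\n",
    ),
    "receipt": (
        "Thanks for your order #1234",
        "Your order has shipped. Questions? Call 1-800-555-0100 or visit\n"
        "https://example.com/support\n",
    ),
}


def triage(samples=SAMPLES) -> dict[str, Verdict]:
    """Score every sample and return the verdicts keyed by sample name."""
    return {name: score_email(subject, body) for name, (subject, body) in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        flag = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{name:14} score={verdict.score:2} {flag}")
        for reason in verdict.indicators:
            print(f"    - {reason}")
```

The legitimate receipt also contains a phone number, but it scores low because it carries a link and none of the renewal or ID wording; the combination of signals, not any single one, is what separates the call-back lure from ordinary transactional mail.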
Malware Active In The Wild
BazarCall malware has been actively targeting systems globally in recurrent campaigns for at least two months. It first caught attention after an active campaign in January 2021, when a researcher named it ‘BazarCall’.
Although BazarCall campaigns now deliver other malware as well, the name BazarCall has stuck because the campaigns share the same technique of impersonating call centers.
Bleeping Computer has recently shared a detailed overview of this malware here.
As for the users, the best way to stay safe from this, as well as many other threats, is to stay cautious of unsolicited emails.
First, users shouldn’t open emails that look unusual or out of context. If opening an email becomes necessary, it’s better not to click on any links it contains. (For this campaign, users shouldn’t trust the phone number either.)
Besides, keep an eye on your bank transactions for unauthorized transfers, keep your systems secured with a robust antivirus, and maintain up-to-date backups of your important data so you can recover from a malware attack and/or data loss. The more attention you pay to cybersecurity best practices, the safer you remain from online threats.