
BazarCall Malware

The BazarCall Malware (or BazaCall) is a Trojan that specializes in distributing high-level backdoor Trojans and Remote Access Trojans (RATs), especially against corporate networks. Its threat actors use a call center tactic, including live phone support, to trick users into opening a corrupted Excel document. Workers should avoid phone numbers and sites associated with this campaign and run trustworthy anti-malware to remove the BazarCall Malware or related threats like BazarBackdoor.

A Call that can Only Lead to Corporate Sabotage

Although file-locking Trojans and advanced spyware are unsurprising payloads against corporate networks, the tactics that attackers use to deploy them are flexible. An especially novel point in this strategic shift comes from the BazarCall Malware, which has been in evidence since January 2021. While the BazarCall Malware delivers sophisticated but traditional threats, it does so through a high-investment, black hat 'business.'

The BazarCall Malware's business model is an apparent software distribution scheme that sells its Trojan-installing services to other threat actors. From the victim's point of view, the attack begins, like many others, with a fraudulent e-mail message. The text claims that a free software trial is nearing its expiration date and that manual cancellation is required to prevent any charges. The e-mail includes no attached file or website link but instead directs users to call one of a series of rapidly cycling phone numbers.

The number leads to a fake call center run by dedicated scam operators with a professional Monday through Friday work routine. The attackers verify the e-mail ID (to avoid tipping off probing security researchers) before directing victims to a website download of a 'cancellation form,' a disguised download mechanism for the BazarCall Malware that starts the infection chain.
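The lure described above has a distinctive shape: trial-expiry wording, a phone number as the only call to action, and no link or attachment. The following added example (not code from the original page or from any vendor) is a hypothetical mail-triage heuristic that scores messages on exactly those traits; the sample messages and the scoring thresholds are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Phone numbers in common North American layouts (assumption: lure numbers look
# like this; widen the pattern for other regions).
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
# Vocabulary of the lure: a free trial ending, manual cancellation to avoid charges.
LURE_TERMS = ("trial", "expir", "cancel", "charge", "subscription", "renew")


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def score_callback_lure(subject: str, body: str, attachments: int) -> Verdict:
    """Hypothetical scoring of a call-back phishing lure; higher is more suspicious."""
    text = f"{subject}\n{body}".lower()
    verdict = Verdict()
    phones = PHONE_RE.findall(text)
    terms = [t for t in LURE_TERMS if t in text]
    if phones:
        verdict.score += 2
        verdict.reasons.append(f"phone number(s) present: {len(phones)}")
    if len(terms) >= 3:
        verdict.score += 2
        verdict.reasons.append(f"trial/cancellation vocabulary: {terms}")
    if phones and not URL_RE.search(text) and attachments == 0:
        # The distinctive trait: the phone call is the only available action.
        verdict.score += 2
        verdict.reasons.append("no link or attachment; phone is the only action")
    return verdict


def is_suspicious(verdict: Verdict, threshold: int = 5) -> bool:
    return verdict.score >= threshold


# Constructed sample messages, not real campaign text.
LURE = ("Your free trial is expiring",
        "Your free trial of ExampleSuite ends tomorrow. To cancel and avoid a "
        "charge of $89.99, call (555) 010-2233, Monday to Friday, 9am to 5pm.", 0)
LEGIT_TRIAL = ("Trial ending soon",
               "Your trial expires in 3 days. Renew at https://example.test/renew.", 0)
SHIPPING = ("Order shipped", "Track your parcel at https://example.test/track.", 0)

if __name__ == "__main__":
    for subj, body, n in (LURE, LEGIT_TRIAL, SHIPPING):
        v = score_callback_lure(subj, body, n)
        print(subj, "->", v.score, is_suspicious(v), v.reasons)
```

Only the message whose sole call to action is a phone number crosses the threshold; a legitimate trial notice with a renewal link scores on vocabulary alone and stays below it.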

Hanging Up on Corporate-Rampaging Trojans

The BazarCall Malware's full feature set requires more analysis, and samples are in short supply due to its novel distribution tactic. However, malware researchers can confirm that it functions as a Trojan downloader for dropping other threats onto the system and helping attackers take over corporate networks. The BazarCall Malware's payload varies with the presumed affiliate renters and includes BazarLoader (a loading component for BazarBackdoor), Trojan.TrickBot spyware, and the botnet banking Trojan IcedID.

The immediate impact of a BazarCall Malware infection almost certainly includes loss of passwords and other credentials that attackers could use to secure backdoor access to a network for long-term espionage. There also is a substantial risk of the attackers deploying file-locker Trojans to encrypt data such as the business's documents and databases. For all practical purposes, that encryption is usually irreversible.

As usual, victims can refuse to enable the Excel macro that triggers the drive-by download, or stop at an earlier point in the tactic. However, because a live call center is a novel piece of infrastructure for a threat actor, reports suggest that BazarCall Malware infection attempts have high success rates. Users should also keep their anti-malware services updated to remove the BazarCall Malware and its loading document safely.

The BazarCall Malware is a frighteningly well-thought-out black hat business that serves other criminals' needs with infrastructure that skirts around cyber-security vendors. Ideally, workers in at-risk sectors will inform themselves about this new tactic before the pertinent e-mail arrives in their inbox.
