
Beware of Phony Call Centers Tricking Users into Installing Ransomware and Data-Stealers

A concerning new trend has emerged in the cyber threat landscape, where malicious actors have crafted a deceptive campaign that tricks unsuspecting victims into installing malware. This attack method, known as "BazaCall," employs phony call centers as part of a more personal approach to infect computers with ransomware and data-stealing malware.

The BazaCall Attack Chain

Unlike traditional social engineering attacks, which often use malicious links or documents, the BazaCall campaign takes a more intricate route. Targets receive emails warning of upcoming subscription charges unless they contact a specific phone number. Once the target calls, they are connected to a live operator at a fraudulent call center. The operator, sounding professional, guides the victim into downloading the BazaLoader malware, claiming it’s a legitimate solution to cancel the subscription.

BazaLoader, also known as BazarBackdoor, is a highly dangerous downloader that can deliver ransomware, data-stealers, and other forms of malware to the systems it infects. The malware was first discovered in April 2020 and has since been used by multiple cybercriminal groups. BazaLoader is often associated with notorious ransomware families like Ryuk and Conti, which have wreaked havoc on organizations worldwide.

How the Attack Unfolds

Once installed, the malware works quickly and efficiently. According to the Microsoft 365 Defender Threat Intelligence Team, within 48 hours of the initial compromise, the BazaCall attack can escalate, leading to data theft, ransomware deployment, and extensive damage to the targeted network. The hands-on involvement of the call center agent is a unique twist that makes these attacks even harder to detect than typical automated phishing attacks.

Evasion Techniques

One of the key reasons BazaCall is so successful is the way it avoids conventional phishing detection mechanisms. Traditional email-based attacks rely on malicious links or attachments that security software can often flag. However, BazaCall bypasses these protections by using human interaction, which adds a layer of complexity. The call center approach makes it difficult for email scanning tools to detect any immediate threats, as no malicious content is included in the email itself.
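Because the lure email carries nothing for a link or attachment scanner to flag, a mail filter has to key on the combination the article describes: billing language, a phone number to call, and no URL or attachment. The following triage heuristic is an added example, not code from the article or from any vendor; the keyword stems, the North American phone pattern, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed heuristics for this example; tune the patterns to your own mail flow.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://|www\.", re.I)
LURE_STEMS = ("subscri", "trial", "renew", "charg", "cancel")

def score_message(raw):
    """Return (is_suspect, reasons) for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    bodies, has_attachment = [], False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    text = msg.get("Subject", "") + "\n" + "\n".join(bodies)
    reasons = []
    if PHONE_RE.search(text):
        reasons.append("phone-number")
    # Require two distinct billing terms so a single word does not trigger.
    if sum(bool(re.search(r"\b" + s, text, re.I)) for s in LURE_STEMS) >= 2:
        reasons.append("subscription-lure")
    # The trait the article highlights: nothing for a URL/attachment scanner to flag.
    if not URL_RE.search(text) and not has_attachment:
        reasons.append("no-link-or-attachment")
    return len(reasons) == 3, reasons

# Constructed sample messages (example.test addresses, 555-01xx numbers).
SAMPLES = {
    "lure": "From: billing@example.test\nSubject: Your trial ends soon\n\n"
            "Your premium subscription will be charged $89.99 tomorrow.\n"
            "To cancel, call our support line at (555) 010-0199.\n",
    "receipt": "From: shop@example.test\nSubject: Subscription renewal receipt\n\n"
               "Your subscription was renewed. Manage it at "
               "https://example.test/account or call 555-010-0142.\n",
    "colleague": "From: sam@example.test\nSubject: Lunch\n\n"
                 "Call me at 555-010-0123 when you are free.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, score_message(raw))
```

A match is a reason to route the message for review or banner it, not proof of malice; legitimate billing notices that omit links will also score.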

Expanding the Threat Landscape

This is not the first time BazaLoader has been used in creative and complex attack chains. Earlier this year, Palo Alto Networks and Proofpoint highlighted how the malware was distributed via fake ebook websites and movie streaming services. Users were lured to these websites and then prompted to download rigged Excel spreadsheets, which installed the malware. The same tactics are used in the BazaCall campaign, with fraudulent call center agents directing victims to recipe websites like "topcooks[.]us" to resolve their non-existent subscriptions.

A Dangerous Evolution in Cybercrime

The inclusion of a human element makes this attack far more dangerous than many of the more automated phishing schemes. The BazaCall campaigns demonstrate the need for businesses and individuals to stay vigilant and informed. Cybersecurity researchers emphasize the importance of cross-domain optics, correlating data from various sources to build comprehensive defenses. The fact that cybercriminals are willing to invest time and resources into creating fake call centers underscores the evolving sophistication of modern cyberattacks.

Protecting Yourself Against BazaCall

To protect against BazaCall and other similar threats, users and businesses should adopt multi-layered security strategies. This includes educating employees about the dangers of unexpected emails and phone calls, using advanced anti-malware software, and continuously monitoring network traffic for unusual activities. In the event of a suspicious phone call, never download or install software unless it is from a trusted and verified source.

As cybercriminals become more inventive, the need for heightened awareness and strong defense mechanisms has never been greater. The BazaCall campaign serves as a stark reminder that cybersecurity threats can come in unexpected forms, and vigilance is the key to staying one step ahead.
