BazarCall is the name of a novel threat, detected at the beginning of the year, that uses call centers to spread. The malware, also known as BazaCall, reaches users through an email asking them to call a phone number to cancel a subscription that will be charged shortly.
Callers are answered by a human operator and directed to a web page from which they are told to download a supposed cancellation form. The form, of course, is nothing of the sort: what users download is the BazarCall malware.
The danger of BazarCall lies in the fact that there is human contact with the potential victims and that the malware is not delivered through email attachments.
The threat resembles tech support scams in the way it proceeds, and Microsoft has announced that it is even more dangerous than previously thought, since its operators act faster and more effectively during infections.
“Manual keyboard control makes this threat more dangerous and more evasive”
The Microsoft 365 Defender Threat Intelligence Team, which has been tracking BazaCall for months, has warned that the threat is more dangerous than previously believed because it allows attackers to distribute ransomware or steal data within 48 hours of infection. The reaction window is shorter, so defenders must act quickly to mitigate it.
Microsoft particularly highlights the remote keyboard control that BazarCall's operators can have over their victims' machines, which lets them act much more quickly and effectively when, for example, spreading through an entire network and potentially compromising the rest of the connected equipment. That can lead to an even greater haul of data.
BazaCall is an example of how threats evolve as traditional detection methods improve
“The manual control of the keyboard makes this threat more dangerous and more evasive than traditional and automated malware attacks,” Microsoft points out. This is undoubtedly an extremely complex threat, both because of the way it proceeds and because the involvement of humans can increase potential victims' confidence.
In addition, ZDNet reports that the group behind BazaCall has reportedly allied with those responsible for the Ryuk ransomware. Ryuk is the threat believed to have affected SEPE in Spain.
“The lack of typical malicious elements in BazaCall emails and the speed with which its operators can carry out an attack exemplify the increasingly complex and evasive threats that organizations face today,” the Microsoft 365 Defender Threat Intelligence Team highlights.
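As an added illustration (not code from Microsoft or from this article), the sketch below flags mail that matches the traits described above: a message about an imminent subscription charge that asks the reader to call a number and carries no attachment. The term lists, the phone pattern, the extra "no link" condition and both sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string

# Assumed term lists and phone pattern; tune them against your own mail flow.
BILLING = re.compile(r"\b(subscription|trial|renew(?:al|s)?|charged?|cancel)\b", re.I)
CALL = re.compile(r"\b(call|phone|dial)\b", re.I)
PHONE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
URL = re.compile(r"https?://|www\.", re.I)

def body_text(msg):
    """Join every text/plain part that is not itself an attachment."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def callback_lure_signals(raw_email):
    """Return the individual traits so an analyst can see why a message matched."""
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    billing_terms = {m.lower() for m in BILLING.findall(text)}
    return {
        "phone_number": bool(PHONE.search(text)),
        "asks_to_call": bool(CALL.search(text)),
        "billing_pressure": len(billing_terms) >= 2,
        "no_attachment": not any(p.get_filename() for p in msg.walk()),
        "no_url": not URL.search(text),  # assumed extra condition, not from the article
    }

def is_callback_lure(raw_email):
    return all(callback_lure_signals(raw_email).values())

# Constructed sample messages (not real BazaCall emails).
SAMPLE_LURE = (
    "From: billing@example.test\nSubject: Your trial ends today\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Your subscription will be charged 89.99 USD within 24 hours.\n"
    "To cancel, call our support team at +1 (555) 010-0199.\n"
)
SAMPLE_BENIGN = (
    "From: news@example.test\nSubject: Renewal notice\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Your subscription renews soon. Manage it at https://example.test/account\n"
)

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, is_callback_lure(raw), callback_lure_signals(raw))
```

A match is a reason to route the message for review rather than a verdict, since legitimate billing notices can share the same traits.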