Date: 2022-03-11

Email security measures have improved remarkably, so they now detect more phishing threats and other incoming attacks, and detect them better. This is what prompted the change of approach by the cybercriminals who use BazarBackdoor. Typically, their malicious emails contained a text file or similar attachment that was actually the malware.

However, they have now changed their strategy in order to circumvent those security measures: they have started to spread this malware through website contact forms, according to a report by Abnormal Security. The goal is to deploy Cobalt Strike or ransomware payloads in order to blackmail victims.

If you don't know what BazarBackdoor is, it is a major threat belonging to TrickBot that sneaks into computers and creates a backdoor through which attackers gain control. Until now it spread through phishing emails: the attackers sent a message to the victim to trick them and thus gain access to the computer.

What they do now is pose as a company, or as employees of a company, contacting another company to request a quote or arrange some work. Upon receiving the response, they automatically send a malicious ISO file, supposedly containing information about that negotiation. They use platforms like WeTransfer to transfer these larger files.

That ISO file carries the payload. The attackers' objective is for the victim to extract it, so that the malware reaches the system while avoiding the antivirus. The attacker would then have full control of the computer.
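A download of this kind can be triaged before anyone opens it. The following Python sketch is an added example, not taken from the Abnormal Security report: it recognises an ISO 9660 image by its volume descriptor, whatever the file is named, and lists root-directory files whose extensions can run code. The `RISKY_EXT` list, the function names and the sample image built by `build_sample_iso` are assumptions constructed for illustration.

```python
import struct

SECTOR = 2048
# Assumed watch-list of file types that can run code on Windows (not from the report).
RISKY_EXT = (".exe", ".dll", ".lnk", ".js", ".vbs", ".bat", ".cmd", ".scr", ".hta")

def list_iso_root(data: bytes):
    """Return file names in the root directory, or None if data is not ISO 9660."""
    pvd = data[16 * SECTOR:17 * SECTOR]        # primary volume descriptor: sector 16
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        return None
    lba, = struct.unpack_from("<I", pvd, 156 + 2)    # root directory extent
    size, = struct.unpack_from("<I", pvd, 156 + 10)  # root directory byte length
    block = data[lba * SECTOR:lba * SECTOR + size]
    names, pos = [], 0
    while pos + 33 < len(block):
        rec_len = block[pos]
        if rec_len == 0:                       # zero padding up to the next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        name = block[pos + 33:pos + 33 + block[pos + 32]]
        is_dir = bool(block[pos + 25] & 0x02)
        if not is_dir and name not in (b"\x00", b"\x01"):
            names.append(name.decode("ascii", "replace").split(";")[0])
        pos += rec_len
    return names

def triage(data: bytes) -> dict:
    """Flag a download that is an ISO image carrying runnable file types."""
    names = list_iso_root(data)
    if names is None:
        return {"is_iso": False, "files": [], "risky": []}
    risky = [n for n in names if n.lower().endswith(RISKY_EXT)]
    return {"is_iso": True, "files": names, "risky": risky}

def _rec(name: bytes, lba: int, size: int, flags: int = 0) -> bytes:
    # Directory record for the constructed sample; big-endian copies are left zero.
    body = struct.pack("<BBIIII7sBBBHHB", 0, 0, lba, 0, size, 0, b"", flags,
                       0, 0, 0, 0, len(name)) + name
    body += b"\x00" * (len(body) % 2)          # records are padded to even length
    return bytes([len(body)]) + body[1:]

def build_sample_iso(names) -> bytes:
    """Constructed minimal image: descriptor in sector 16, root directory in sector 18."""
    root = _rec(b"\x00", 18, SECTOR, 2)
    entries = root + _rec(b"\x01", 18, SECTOR, 2)
    entries += b"".join(_rec(n.encode() + b";1", 19, 0) for n in names)
    pvd = bytearray(SECTOR)
    pvd[0:6], pvd[156:190] = b"\x01CD001", root
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(SECTOR) + entries.ljust(SECTOR, b"\x00")
```

The parser reads only the primary ISO 9660 descriptor and the root directory; images that rely on Joliet or UDF names, or that nest files in subdirectories, need a fuller parser.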

How to avoid these attacks

It is very important to use common sense to avoid becoming a victim of BazarBackdoor or any similar threat. In this case we have seen that the attackers have adapted to use contact forms to deliver the malware. However, it can also arrive through a phishing email, a file downloaded from an insecure page, the installation of a malicious program, and so on. Avoiding mistakes is therefore essential. You should also always improve security when using the browser.

Another essential point in avoiding this type of attack is to keep everything updated. You should have the latest version of Windows or whichever operating system you use. The same applies to any program or driver, as hackers can take advantage of unpatched vulnerabilities.

In addition, it is advisable to use good security programs. A good antivirus that is kept up to date and is reliable will help detect malware such as BazarBackdoor and similar variants. You should use one on any type of operating system or device.