BazarCall Method: Call Centers Help Spread BazarLoader Malware

From unit42.paloaltonetworks.com

A conceptual image representing cybercrime, such as the way that BazarCall uses call centers for BazarLoader malware

Executive Summary

BazarLoader (sometimes referred to as BazaLoader) is malware that provides backdoor access to an infected Windows host. After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network.

The threat actor behind BazarLoader uses different methods to distribute this malware to potential victims. In early February 2021, researchers began reporting a call center-based method of distributing BazarLoader. This method utilizes emails with a trial subscription-based theme that encourages potential victims to call a phone number. A call center operator then answers and directs victims to a website to unsubscribe from the service. Call center operators offer to personally guide victims through a process designed to infect vulnerable computers with BazarLoader. An example of the process can be found in this YouTube video.

This call center-based process of infecting computers with BazarLoader has been dubbed the “BazarCall” method (sometimes referred to as “BazaCall” method).

Read more…