From unit42.paloaltonetworks.com
Executive Summary
BazarLoader (sometimes referred to as BazaLoader) is malware that provides backdoor access to an infected Windows host. After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network.
The threat actor behind BazarLoader uses different methods to distribute this malware to potential victims. In early February 2021, researchers began reporting a call center-based method of distributing BazarLoader. This method utilizes emails with a trial subscription-based theme that encourages potential victims to call a phone number. A call center operator then answers and directs victims to a website to unsubscribe from the service. Call center operators offer to personally guide victims through a process designed to infect vulnerable computers with BazarLoader. An example of the process can be found in this YouTube video.
This call center-based process of infecting computers with BazarLoader has been dubbed the “BazarCall” method (sometimes referred to as “BazaCall” method).