Wednesday, October 21, 12:30

BazarLoader: Used to develop Ryuk ransomware

The TrickBot gang is targeting more and more "high value" victims using a relatively new trojan named BazarLoader. After the initial BazarLoader infection, various other malware can be installed; in the final stage, this is the Ryuk ransomware.

For years, the TrickBot gang has been using trojans to compromise corporate networks, downloading a range of tools that steal access credentials, spread to other computers, or even steal a domain's Active Directory database.


From TrickBot to BazarLoader

In April 2020, the TrickBot gang began using a new method of infection, BazarLoader / BazarBackdoor, in phishing attacks.

Researchers at Advanced Intel stated in a report that, at least in recent months, the gang has not been infecting victims with the notorious TrickBot trojan but with BazarLoader. The targets are mainly "high value" corporate networks.

According to the researchers, BazarLoader is very simple but still manages to cause great damage to victims' systems.

A BazarLoader infection starts with a targeted phishing email, like the one received by BleepingComputer in April.

After infecting a computer, BazarLoader uses process hollowing to inject the BazarBackdoor component into legitimate Windows processes such as cmd.exe, explorer.exe and svchost.exe. It also creates a scheduled task that loads BazarLoader each time a user logs on to the system.
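The scheduled-task persistence described above leaves a trace that defenders can hunt for: when "Audit Other Object Access Events" is enabled, Windows logs Security event 4698 ("A scheduled task was created"), whose EventData carries the task name and the full task XML. The following script is an added example, not code from the article or from the researchers it cites; it parses that task XML and flags tasks that fire on logon and run a program from a user-writable directory. The event records, task names and file paths are constructed for the demonstration, and the directory list and severity levels are the author's assumptions, not a published detection rule.

```python
import xml.etree.ElementTree as ET

# Assumption: a legitimate logon task almost never launches from these paths.
USER_WRITABLE_DIRS = (
    "\\appdata\\",
    "\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\downloads\\",
)


def _local(tag):
    """Strip the XML namespace: '{...}LogonTrigger' -> 'LogonTrigger'."""
    return tag.rsplit("}", 1)[-1]


def analyze_task(task_name, task_xml):
    """Inspect one task definition (the TaskContent field of event 4698).

    Returns a list of findings; an empty list means nothing suspicious.
    Severity is an assumption: 'high' for logon-triggered tasks running
    from a user-writable path, 'medium' for the same path on any other trigger.
    """
    root = ET.fromstring(task_xml)
    has_logon_trigger = False
    commands = []
    for el in root.iter():
        name = _local(el.tag)
        if name == "LogonTrigger":
            has_logon_trigger = True
        elif name == "Exec":
            parts = {_local(c.tag): (c.text or "").strip() for c in el}
            commands.append((parts.get("Command", ""), parts.get("Arguments", "")))

    findings = []
    for command, arguments in commands:
        line = f"{command} {arguments}".strip()
        if any(d in line.lower() for d in USER_WRITABLE_DIRS):
            findings.append({
                "task": task_name,
                "severity": "high" if has_logon_trigger else "medium",
                "logon_trigger": has_logon_trigger,
                "command": line,
            })
    return findings


def hunt(events):
    """Run analyze_task over 4698 EventData records (dicts with TaskName/TaskContent)."""
    findings = []
    for ev in events:
        findings.extend(analyze_task(ev["TaskName"], ev["TaskContent"]))
    return findings


# Task XML skeleton in the schema Windows writes into event 4698.
_TASK = (
    '<Task version="1.2" '
    'xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
    "<Triggers>{trigger}</Triggers>"
    '<Actions Context="Author"><Exec><Command>{cmd}</Command>'
    "<Arguments>{args}</Arguments></Exec></Actions></Task>"
)
_LOGON = "<LogonTrigger><Enabled>true</Enabled></LogonTrigger>"
_DAILY = "<CalendarTrigger><Enabled>true</Enabled></CalendarTrigger>"

# Constructed sample records; the names and paths are invented for the demo.
SAMPLE_EVENTS = [
    {"TaskName": "\\StartupCheck",
     "TaskContent": _TASK.format(trigger=_LOGON,
                                 cmd=r"C:\Users\alice\AppData\Roaming\Update\svc.exe",
                                 args="/silent")},
    {"TaskName": "\\Microsoft\\Windows\\Example\\Benign",
     "TaskContent": _TASK.format(trigger=_LOGON,
                                 cmd=r"C:\Windows\System32\example.exe",
                                 args="")},
    {"TaskName": "\\Updater",
     "TaskContent": _TASK.format(trigger=_DAILY,
                                 cmd=r"C:\Windows\System32\rundll32.exe",
                                 args=r"C:\Users\alice\AppData\Local\Temp\u.dll,Start")},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['task']}: {f['command']}")
```

Feed the script real records by exporting 4698 events (for example with `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4698}` and reading the TaskName and TaskContent properties from each event's XML), or run the same logic over the output of `Get-ScheduledTask` on a host suspected of infection. The path list is a starting point, not a complete rule; tune it against the tasks that legitimately exist in your environment before alerting on it.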

Eventually, BazarBackdoor deploys a Cobalt Strike beacon, which gives the attackers remote access to the system and lets them install post-exploitation tools such as BloodHound and LaZagne to take control of the Windows domain and extract credentials.

Finally, the criminals deploy the Ryuk ransomware across the network and demand a ransom.

According to researcher Kremez, BazarLoader will continue to be used, but only against selected targets, as it is now. For larger-scale network breaches, the attackers will continue to use TrickBot.

