A new phishing campaign aims to entice unsuspecting users into unknowingly downloading the latest version of the Bazar malware trojan. The campaign is linked to one of the most prolific cybercrime operations currently active in the global threat landscape. The Bazar trojan first appeared in 2020; a successful deployment of the trojan gives cybercriminals a backdoor into breached Windows systems, allowing them to control a device and move further into the network in order to collect sensitive information or deliver additional malware, including ransomware.
Fortinet security researchers have discovered a new variant of the Bazar trojan that uses "anti-analysis" techniques to make the malware harder to detect. These techniques include hiding the malicious API calls in the code and resolving them only when needed, additional code obfuscation, and even encrypting certain strings in the code to make it harder to analyse.
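The anti-analysis techniques described above (hidden API calls, encrypted strings) change what a defender sees on static inspection. The following Python is an added example, not Fortinet's or ZDNet's code and not taken from the Bazar sample: it runs a strings-style triage over two constructed byte blobs, one with Windows API names in the clear and one where the same string table is stored under a toy XOR scheme (an assumption standing in for the real encryption, whose details the article does not give), and flags the second for dynamic analysis because neither API names nor readable strings are visible at rest.

```python
"""Static triage heuristic: does a sample expose its API names and strings,
or does it hide them (encrypted strings, runtime API resolution)?"""
import re
from typing import Dict, List

# Constructed list of Windows API names a loader typically needs; an
# unobfuscated binary shows them in its import table or string section.
KNOWN_APIS = [
    b"VirtualAlloc", b"CreateProcessW", b"WriteProcessMemory",
    b"LoadLibraryA", b"GetProcAddress", b"InternetOpenA", b"HttpSendRequestA",
]

# Constructed "plain" string section: API names are visible as-is.
PLAIN_SAMPLE = b"\x00".join(KNOWN_APIS + [b"kernel32.dll", b"wininet.dll"]) + b"\x00"


def toy_obfuscate(data: bytes, key: int = 0x80) -> bytes:
    """Constructed stand-in for string encryption (assumption, not Bazar's
    scheme): XOR every byte with a key. 0x80 maps every printable ASCII byte
    outside the printable range, so a strings-style scan finds nothing. The
    point is only that the plaintext is absent from the file at rest."""
    return bytes(b ^ key for b in data)


# Constructed "hardened" sample: the same strings, stored encrypted.
HARDENED_SAMPLE = toy_obfuscate(PLAIN_SAMPLE)


def extract_strings(blob: bytes, min_len: int = 6) -> List[bytes]:
    """Printable ASCII runs of at least min_len bytes (what `strings` shows)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def visible_apis(blob: bytes) -> List[str]:
    """Known API names that appear verbatim in the blob."""
    return [name.decode() for name in KNOWN_APIS if name in blob]


def printable_coverage(blob: bytes, min_len: int = 6) -> float:
    """Fraction of bytes that sit inside a printable run."""
    if not blob:
        return 0.0
    return sum(len(s) for s in extract_strings(blob, min_len)) / len(blob)


def triage(blob: bytes) -> Dict[str, object]:
    """Summarise what static inspection reveals and whether the sample should
    go to dynamic analysis instead of being cleared on strings alone."""
    apis = visible_apis(blob)
    coverage = printable_coverage(blob)
    # Heuristic: a loader that exposes neither API names nor readable strings
    # is a candidate for string encryption / runtime API resolution. The
    # strings only exist in memory after decryption, so a memory dump from a
    # sandbox run is where an analyst recovers them.
    needs_dynamic = not apis and coverage < 0.2
    return {
        "visible_apis": apis,
        "printable_coverage": round(coverage, 2),
        "needs_dynamic_analysis": needs_dynamic,
    }


if __name__ == "__main__":
    print("plain   :", triage(PLAIN_SAMPLE))
    print("hardened:", triage(HARDENED_SAMPLE))
    # What a memory dump would show once the strings are decrypted at runtime:
    print("in-memory:", triage(toy_obfuscate(HARDENED_SAMPLE)))
```

Running the block shows the plain sample exposing all seven API names with over 90% of its bytes in readable runs, while the hardened sample exposes nothing and is flagged; applying the toy decode to the hardened sample (the equivalent of reading the strings from process memory after the malware has decrypted them) restores the plain result. The threshold of 0.2 is an assumption chosen for the constructed data; in practice a real PE carries code and headers, so the coverage figure is lower and the check is better applied to the string section or to the import table alone.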
According to ZDNet, the new techniques were added to Bazar in late January and coincided with a phishing campaign designed to distribute the updated malware. Subjects used in the phishing emails, which target potential business victims, include fake customer complaint reports, fake billing statements and fake bonus offers.
Regardless of the email's subject, Bazar attacks try to get the potential victim to click a link that supposedly leads to a PDF containing more information about the topic of the email. In reality, these links lead to a malicious website that references the original email and directs users to download a file; this file is what fetches Bazar onto the system and carries out the malware installation process.
Once the process is complete, the intruders have a backdoor into the compromised system, which they can either use for their own malicious purposes or sell to other cybercriminals for exploitation.
Fortinet warns that this phishing campaign remains active, and attack attempts are detected frequently.
Researchers therefore recommend that organizations give employees guidance on how to recognize and protect themselves from attacks and scams. Organizations also need to ensure that they have a patching strategy in place, which prevents malware from exploiting known vulnerabilities and thereby gaining access to their networks.