Cybercriminals have created a bogus streaming service with the ultimate goal of tricking users into installing the BazaLoader Trojan on their systems, according to new research from Proofpoint.
The cybersecurity firm first observed the entertainment-themed campaign in May this year as it masqueraded as a real online streaming service with a sleek website featuring fake movies.
The campaign is used to distribute BazaLoader, which can download and install additional modules on the victim’s system. Several threat actors are currently using the loader to distribute ransomware, including Ryuk and Conti.
Based on its analysis, Proofpoint says it can state with great certainty that there is a strong overlap between the distribution and post-exploitation activity of BazaLoader and the cybercriminals behind the Trickbot malware.
The latest BazaLoader campaign begins with potential victims receiving an email telling them that their trial period has ended and that they will be billed $39.99 per month unless they cancel their subscription to the bogus streaming service BravoMovies.
These phishing emails contain a phone number that users can call if they want to unsubscribe. If a user calls this number, a customer service representative will verbally guide them to the BravoMovies website. The cybercriminals behind this campaign have certainly done their homework as the site looks like a real streaming service complete with fake movies and posters, FAQs, pricing details and even a free trial.
When a user visits the BravoMovies website, goes to the FAQ section, and follows the instructions to unsubscribe through the “Subscribe” page, they will be asked to download an Excel spreadsheet. This document then asks them to “enable content” and malicious macros are used to download BazaLoader.
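The email stage described above combines a subscription pretext, an impending charge, and a phone number as the way to cancel. The following is an added example, not Proofpoint's detection logic: a mail-triage heuristic that flags that combination for review. The regexes, the threshold and all sample messages are constructed for illustration.

```python
import re

# Signals drawn from the lure described in the article: a trial/subscription
# pretext, a pending charge, a cancellation prompt, and a phone number.
PRETEXT = re.compile(r"\b(trial|subscription|membership|renew\w*)\b", re.I)
CHARGE = re.compile(r"[$€£]\s?\d+(?:[.,]\d{2})?|\b(billed|charged)\b", re.I)
CANCEL = re.compile(r"\b(cancel\w*|unsubscribe)\b", re.I)
# North American style numbers only (assumption); extend for other formats.
PHONE = re.compile(
    r"(?<!\d)(?:\+?\d{1,2}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"
)

def score_callback_lure(subject: str, body: str):
    """Return (flag, signals) for one message.

    flag is True when a phone number appears together with at least two of
    the three billing signals. The threshold is an assumption to tune.
    """
    text = f"{subject}\n{body}"
    signals = {
        "pretext": bool(PRETEXT.search(text)),
        "charge": bool(CHARGE.search(text)),
        "cancel": bool(CANCEL.search(text)),
        "phone": bool(PHONE.search(text)),
    }
    billing_hits = signals["pretext"] + signals["charge"] + signals["cancel"]
    return signals["phone"] and billing_hits >= 2, signals

# Constructed sample messages (not real campaign emails).
SAMPLES = {
    "lure": ("Your free trial has ended",
             "Your BravoMovies trial period has ended. You will be billed "
             "$39.99 per month unless you cancel. To cancel, call "
             "1-800-555-0100."),
    "receipt": ("Your receipt",
                "You were charged $12.00 for your subscription. Manage it "
                "at https://example.com/account"),
    "meeting": ("Tomorrow", "Call me at 555-010-0199 about the meeting."),
}

if __name__ == "__main__":
    for name, (subject, body) in SAMPLES.items():
        flag, signals = score_callback_lure(subject, body)
        hits = [k for k, v in signals.items() if v]
        print(f"{name:8} review={flag} signals={hits}")
```

A flag here is a prompt for analyst review, since legitimate billing notices can also list a support number.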
This campaign has been successful so far because many viewers signed up for and then canceled multiple streaming services during the pandemic. Cybercriminals are well aware of this behavior, which is why they have used it to their advantage when launching this new BazaLoader campaign.
To avoid falling victim to this and similar campaigns, users should only sign up with reputable streaming services after doing their research, and should remember that if something sounds too good to be true, it probably is.