
Privacy Ninja

New BazaFlix Attack Pushes BazarLoader Malware Via Fake Movie Site

Security researchers found a new BazarCall email phishing campaign that manages to bypass automated threat detection systems to deliver the BazarLoader malware used by the TrickBot gang.

A new wave of BazarCall emails was spotted at the beginning of the month, pretending to be a notification about a payment card charge for continued subscription to an online service.

Cancel video streaming subscription

BazarCall is a new phishing method in use since the beginning of the year that relies on call centers to direct users to download malware-laced documents.

It relies heavily on social engineering and user interaction, starting with a notification that the trial period for a service is ending and that charges for a subscription are about to begin.

In the recent campaign caught by researchers at Proofpoint, the messages purported to be from a streaming entertainment service announcing that the trial/demo is about to expire and that their payment card is about to be charged for a premium plan.

Fake BravoMovies email for BazaFlix phishing campaign
source: Proofpoint

The emails come with a phone number that recipients can call to cancel the subscription. However, the directions received from the other end of the line point to the website of an alleged streaming and TV service called “BravoMovies” from a company called UrbanCinema. For this reason, Proofpoint uses the name BazaFlix to track this campaign.
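A triage heuristic for the callback-style lure described above, as an added example that is not from Proofpoint or the original article: it flags messages that pair subscription-billing wording with a phone number while carrying no link or attachment. The keyword list, phone pattern, two-keyword threshold and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed lure vocabulary, taken from the themes the article describes.
LURE = re.compile(r"\b(trial|demo|subscription|premium plan|charged?|cancel)\b", re.I)
# Loose phone-number pattern (assumption; tune for the regions you receive mail from).
PHONE = re.compile(r"(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL = re.compile(r"https?://|www\.", re.I)

def triage(raw):
    """Return the features found in one RFC 822 message and a callback-lure verdict."""
    msg = message_from_string(raw)
    bodies, attachments = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments += 1
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True)
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    text = msg.get("Subject", "") + "\n" + "\n".join(bodies)
    lures = {m.lower() for m in LURE.findall(text)}
    phones = PHONE.findall(text)
    has_url = bool(URL.search(text))
    # Verdict: billing lure + callback number, with nothing for a URL or file scanner to inspect.
    suspect = len(lures) >= 2 and bool(phones) and not has_url and attachments == 0
    return {"lures": sorted(lures), "phones": phones, "has_url": has_url,
            "attachments": attachments, "callback_suspect": suspect}

# Constructed sample messages (not real campaign mail).
CALLBACK = """\
From: billing@streaming.example
Subject: Your trial is ending

Your demo period expires today and your card will be charged for the premium plan.
To cancel the subscription call 1-555-010-0199.
"""
NEWSLETTER = """\
From: news@shop.example
Subject: Manage your subscription

Update your subscription preferences at https://shop.example/prefs or call 555-010-0142.
"""
SUPPORT = "Subject: Office closed Friday\n\nReach the front desk on 555-010-0177 if you need access.\n"

if __name__ == "__main__":
    for name, raw in [("callback", CALLBACK), ("newsletter", NEWSLETTER), ("support", SUPPORT)]:
        print(name, triage(raw))
```

A hit is a reason to route the message for analyst review or add a user-facing banner, not proof of malice; legitimate billing notices can match the same features.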

The researchers say that the website looks realistic enough, using movie posters from various public sources, “including an advertising agency, the creative social network Behance, and the book ‘How to Steal a Dog.’”

Following the instructions to unsubscribe from the BravoMovies streaming service, users get to download a malicious Excel document with macros that install the BazarLoader malware.

Excel document delivered via BazaFlix campaign
source: Proofpoint

Although the malware is used to download and execute other malicious files, the researchers said that they did not observe a second-stage payload for this campaign.

BazarLoader emerged in April last year and, due to code similarities and the infrastructure used, it is believed to have the same developers as the TrickBot trojan.

The TrickBot gang is infamous for distributing Ryuk and Conti ransomware to valuable targets (corporate victims), and BazarLoader is another tool to avoid using the highly-detected trojan.

The BazaCall malware delivery method started being used in late January and continued through the end of March. Although the technique remains the same, the threat actors used various themes to trap victims.

Previous campaigns lured with fake subscriptions associated with companies in the pharmaceutical, flower, lingerie, medical, or antivirus businesses.

While both BazarLoader and TrickBot are believed to be created by the same group, the call centers may be operated by a different gang, who are renting them for malware distribution.

To show what happens when an unsuspecting BazaCall victim calls the phone number in the phishing email, security researcher Brad Duncan shared a video of the dialog with the threat actor’s call center.
