The operators behind the BazaCall callback phishing technique continue to evolve with the latest social engineering tactics to deploy malware on targeted networks.

The scheme ultimately serves as an entry point to carry out next-stage payload delivery for financial fraud, ransomware, cybersecurity firm Trellix, and more. Said In a report released last week.

Key targets in latest attack wave include US, Canada, China, India, Japan, Taiwan, Philippines, UK

cyber security

BazaCall, also known as BazarCall, was launched in 2020 with a novel approach of manipulating potential victims into distributing the BazarBackdoor (aka BazarLoader) malware by calling a phone number specified in a decoy email message. It became popular for the first time.

These email decoys are intended to notify recipients about renewals of trial subscriptions, such as antivirus services, and create a false sense of urgency. The message urges you to contact the support desk to cancel your plan. Otherwise, you risk being automatically charged for the premium version of the software.

The ultimate goal of the attack is to enable remote access to the endpoint under the guise of terminating a supposed subscription or installing a security solution to remove malware from the machine, thereby interfering with further activity. effectively pave the way.

BazaCall Callback Phishing

Another tactic employed by operators is impersonating incident responders in PayPal-themed campaigns to trick callers into thinking their accounts were accessed from eight or more devices distributed in random locations around the world. That’s it.

Regardless of the scenario employed, the victim is asked to launch a specific URL. This is a specially crafted website designed to download and execute malicious executables, which along with other files also drops legitimate ScreenConnect remote desktop software.

After successful persistent access, the attacker opens a fake cancellation form asking the victim to enter personal information and sign in to their bank account to complete the refund, when they are actually tricked. Send money to scammers.

cyber security

This development follows at least three different spin-off groups from the Conti ransomware cartel adopting callback phishing techniques as the initial intrusion vector for compromising corporate networks.

The bond with Conti doesn’t stop there. bazaar back dooris the creation of a cybercriminal group known as trick botwas taken over by Conti Earlier this year before the latter was shut down in May-June 2022 over its loyalty to Russia in its attack on Ukraine.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog