Cyber threats have grown in number since cloud services became popular among employees and companies, a shift driven by the worldwide lockdowns and restrictions of the pandemic.
This saw the majority of companies conducting business online, creating more opportunities for cyber criminals to attack users’ personal devices.
Many malware families that exploit vulnerable security protocols have appeared on the internet.
BazarLoader is one of them, and it has been around for some time now.
Researchers have discovered at least six variants of BazarLoader since the first variant was spotted in the wild last April.
This indicates that the downloader is still active.
It seems that the BazarLoader malware is exploiting worker trust in collaboration tools, such as Slack and Basecamp, to deliver malware payloads in email messages.
The attackers have also created a secondary chain that makes use of voice calls.
The links in the emails point to content hosted on the encrypted cloud storage platforms Slack or Basecamp.
If the target works for a company that utilizes one of them, the links appear genuine.
When the victim clicks on the link, BazarLoader is downloaded to their device.
If the prospective victim picks up the phone, they are put in touch with a friendly person who will send them a website address where they can unsubscribe from the service.
An unsubscribe link is buried in a FAQ. Clicking that unsubscribe link presents a malicious Office document (either a Word document or an Excel spreadsheet) that infects the computer with BazarLoader malware.
The messages were supposedly sent from a Medical Reminder System and included a phone number as well as an address for a real Los Angeles building.
However, in mid-April, the messages began to involve a fraudulent online library called BookPoint and fraudulent payment for its loans.
Researchers suspect that BazarLoader could be related to, or authored by, the TrickBot operators.
TrickBot is another first-stage loader malware often used in ransomware campaigns.