There are many security threats on the Internet that can compromise our personal data, passwords and cause equipment to malfunction. Hackers often adapt to changes and refine their techniques. In this article we are going to talk about the dangerous BazarBackdoor malware. Let’s see how it has changed to be able to control the victims’ computers and what to do to be protected.
BazarBackdoor now uses contact forms
If you don’t know what BazarBackdoor is, we can say that it is a major threat that belongs to TrickBot and sneaks into computers to create a backdoor for attackers to gain control. Until now it spread through Phishing emails. They sent a message to the victim to scam and thus gain access to the computer.
However, now they have changed their strategy in order to circumvent security measures. Now they have started to spread this malware through website contact forms. This is shown by a report by Abnormal Security. The goal is to deploy Cobalt Strike or ransomware payloads in order to blackmail victims.
Email security measures have improved remarkably. This makes them detect more and better possible Phishing threats and other attacks that may arrive. This is where the change of scenery that cybercriminals have made to use BazarBackdoor comes into play. Typically these malicious emails contained a text file or similar that was actually the malware.
What they do now is pretend to be a company or workers of a company that contacts another to carry out a budget or some work. Upon receiving the response, they automatically send a malicious ISO file, supposedly sending information about that negotiation. They use platforms like WeTransfer to be able to transfer those larger files.
That ISO file is going to have the payload. Their objective is for the victim to extract it and in this way that the malware reaches the system avoiding the antivirus. Thus the hacker would have full control of the computer.
How to avoid these attacks
It is very important to keep common sense to avoid falling victim to BazarBackdoor or any other similar threat that may arrive. In this case we have seen that they have been adapted to use contact forms to send the malware. However, it can also arrive through a Phishing email, by downloading a file on an insecure page, installing a malicious program, etc. Therefore, avoiding making mistakes is essential. You should always improve security when using the browser.
Another essential point to avoid being victims of this type of attack is to keep everything up to date. You must have the latest version of Windows or the operating system you use. The same should apply to any program or driver, as hackers can take advantage of unpatched vulnerabilities.
In addition, it is advisable to use good security programs. A good antivirus, that is updated and has guarantees, will serve to detect malware such as BazarBackdoor and other similar varieties. It is something that you should use on any type of operating system or device that you use.
