    From TechnologyDaily@1337:1/100 to All on Fri Mar 11 16:15:04 2022
    Cybercriminals have found a cunning new way to evade security protections

    Date:
    Fri, 11 Mar 2022 16:03:40 +0000

    Description:
    The second-stage payload in the campaign remains a mystery.

    FULL STORY ======================================================================

    As email gateways become better at spotting malicious messages, operators of the sinister BazarBackdoor malware are resorting to changing up their tactics.

    According to reports from BleepingComputer, the TrickBot group, which created the malware, no longer tries to infect new endpoints directly via email, but rather through website contact forms.

    Citing a report from cybersecurity experts Abnormal Security, the publication says the new campaign probably kicked off in December 2021, targeting corporate endpoints with Cobalt Strike or ransomware.

    Deploying the BazarBackdoor DLL

    The method is simple: instead of directly sending an email, the threat actor will use corporate contact forms to kick off communication, most often posing as a business requesting a product supply quote.

    Once the target responds to the message, the attacker will send a malicious ISO file, claiming it's relevant to the communication. The ISO file won't be attached directly, though, but instead will first be uploaded to third-party file-sharing services, such as TransferNow or WeTransfer.

    The ISO archive carries two files, the researchers suggest: one .lnk file and one .log file. By grouping these files together, and having the victim extract them manually after download, the threat actors hope to evade any email protection services that the target might have set up.

    Once the target runs the .lnk file, it will open a terminal window and load the .log file - the BazarBackdoor DLL.
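    The chain described above (a shortcut next to a "log" file that is really a DLL) leaves a file-level signature a defender can check for before anything is double-clicked. The following script is an added example, not part of the original story or of any vendor's tooling: it reads the files extracted from an archive, recognises a Windows shortcut by the fixed LNK header, recognises a PE image by its MZ/PE headers, and rates the combination "shortcut plus PE hiding behind a data extension" as high risk. The file names and byte contents in the sample dictionaries are constructed test data, not real samples from the campaign.

```python
"""Triage extracted archive contents for the .lnk + disguised-DLL pattern.

Added example (not from the original article). All sample file contents
below are constructed test data, not real malware.
"""
import struct
from pathlib import Path

# Fixed LNK header: HeaderSize 0x4C followed by the LinkCLSID
# {00021401-0000-0000-C000-000000000046} (MS-SHLLINK format).
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")

# Extensions a user would expect to hold text/data, never code.
BENIGN_DATA_EXTS = {".log", ".txt", ".csv", ".dat", ".json"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag


def is_lnk(data: bytes) -> bool:
    """True if the bytes start with a Windows shortcut header."""
    return data.startswith(LNK_MAGIC)


def pe_info(data: bytes):
    """Return 'dll' or 'exe' if data is a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte signature plus the 20-byte COFF header.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2)
    # Characteristics(2) -> Characteristics sits at e_lfanew + 22.
    characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def triage(files: dict) -> list:
    """files maps filename -> bytes (e.g. everything inside a mounted ISO).

    Returns a list of finding strings. A shortcut combined with a PE
    carrying a data extension yields a HIGH finding.
    """
    findings = []
    shortcuts = [name for name, data in files.items() if is_lnk(data)]
    disguised = []
    for name, data in files.items():
        kind = pe_info(data)
        ext = Path(name).suffix.lower()
        if kind and ext in BENIGN_DATA_EXTS:
            disguised.append(name)
            findings.append(f"{name}: {kind} image with data extension {ext}")
    for name in shortcuts:
        findings.append(f"{name}: Windows shortcut")
    if shortcuts and disguised:
        findings.append("HIGH: shortcut + disguised PE, matches the ISO pattern above")
    return findings


def triage_dir(path) -> list:
    """Convenience wrapper: triage every regular file under a directory."""
    return triage({p.name: p.read_bytes() for p in Path(path).iterdir() if p.is_file()})


def _fake_pe(characteristics: int) -> bytes:
    """Build a minimal, non-executable PE header (constructed test data)."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)      # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew -> right after it
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\x00\x00" + coff


# Constructed samples: the suspicious pairing versus a harmless archive.
SAMPLE_ISO_CONTENTS = {
    "quote-request.lnk": LNK_MAGIC + b"\x00" * 60,
    "quote-request.log": _fake_pe(0x2102),   # DLL flags, '.log' extension
}
BENIGN_CONTENTS = {
    "readme.txt": b"Quote attached, thanks.\n",
    "tool.exe": _fake_pe(0x0102),            # an executable declared as one
}

if __name__ == "__main__":
    for label, contents in (("sample ISO", SAMPLE_ISO_CONTENTS), ("benign", BENIGN_CONTENTS)):
        print(label, "->", triage(contents) or ["no findings"])
```

    The check deliberately keys on file structure rather than names, since the attacker controls the names; swapping ".log" for any other data extension still trips it, and a .lnk renamed to something else is still recognised by its header.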

    BazarBackdoor is built to provide its operators with remote access to an internal device, and as such, is usually used as a stepping stone towards the deployment of more destructive malware or ransomware.

    Given that BazarBackdoor is the first stage in a multi-stage attack, the researchers expect the malware to deploy the stage-two payload. However, many of the C2 IPs are offline, preventing researchers from discovering the campaign's endgame.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/cybercriminals-have-found-a-cunning-new-way-to-evade-security-protections/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)