
BazarLoader malware opens a new frontier in cyberspace


While reports were coming in of hackers using company forms to trick employees into downloading a variant of the BazarLoader malware, Sectrio's research team has come across another method that hackers are using to push this malware.

What is BazarLoader?

It is a very stealthy and sophisticated malware that serves as the first-stage infector used to drop multiple payloads. Because a single successful installation can deliver several follow-on malware payloads, it is much sought-after among hackers. It is by design a highly resilient and complex malware that has been used extensively in multiple campaigns, including those associated with Ryuk and Conti.

BazarLoader utilizes the EmerDNS domain name and record system, which is built on a blockchain. Records there cannot be censored or modified by anyone other than the entity that registered them, so taking down the associated domains is a tough proposition.

For the last few weeks, security teams have been discussing hackers using company forms to push infected links. WeTransfer, TransferNow and, in some instances, even Dropbox links were being used to deliver an .ISO file containing a .LNK shortcut and a masked DLL file once the hacker had established a line of communication with the intended victim.

Sectrio's researchers intercepted an email earlier today that claimed to come from a prominent software review site. A look at the sender address revealed that it came from another domain altogether and had been relayed through many servers to lend it authenticity. Clicking any link in the email activates the attack chain, starting with the download of an .ISO file containing the shortcut and the masked DLL file.

[Image: the intercepted BazarLoader phishing email]

Since this email targeted a team that would usually be interested in such communication, it was likely a targeted attack sent from a spoofed sender identity.
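The three indicators the post describes (a display name that claims one organisation while the real sender address belongs to another domain, a long chain of relay hops, and a body link that fetches an .ISO lure) can be checked mechanically at mail-triage time. The script below is an added example written for this post; it is not Sectrio's code or tooling. The sample message is constructed, the impersonated domain is supplied by the analyst as an argument, the hop threshold is an arbitrary assumption, and the list of EmerDNS top-level zones (.bazar, .coin, .emc, .lib) comes from general knowledge of EmerDNS rather than from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the lure described above: the display name
# claims a review site, the real sender domain is unrelated, the message has
# passed through several relays, and the body links to an .ISO download.
SAMPLE_EMAIL = """\
Received: from mx-edge.victim.example by mailstore.victim.example; Mon, 1 Jan 2022 10:00:04 +0000
Received: from relay-c.bulkmail.example by mx-edge.victim.example; Mon, 1 Jan 2022 10:00:03 +0000
Received: from relay-b.bulkmail.example by relay-c.bulkmail.example; Mon, 1 Jan 2022 10:00:02 +0000
Received: from relay-a.bulkmail.example by relay-b.bulkmail.example; Mon, 1 Jan 2022 10:00:01 +0000
From: "Software Review Site" <alerts@unrelated-sender.example>
To: marketing@victim.example
Subject: Your listing has a new review
Content-Type: text/plain; charset=utf-8

A customer left a review of your product. Download the full report here:
https://downloads.unrelated-sender.example/report-2022.iso
"""

# Top-level zones served by EmerDNS (general knowledge, not taken from the post).
EMERDNS_TLDS = {"bazar", "coin", "emc", "lib"}
# Container and shortcut extensions used by the delivery chain described in the post.
LURE_EXTENSIONS = (".iso", ".img", ".lnk")
URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def sender_domain(msg):
    """Domain of the real From address (not the display name), lower-cased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def received_hops(msg):
    """Number of Received headers, i.e. how many relays the message passed through."""
    return len(msg.get_all("Received", []))


def body_text(msg):
    """All text/plain content of the message as one string."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b""
                 for p in msg.walk() if p.get_content_type() == "text/plain"]
        return b"\n".join(parts).decode("utf-8", "replace")
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def url_host(url):
    """Host part of a URL, without scheme, path or port."""
    return re.sub(r"^https?://", "", url).split("/")[0].split(":")[0].lower()


def triage(raw_message, claimed_domain, hop_threshold=3):
    """Return a list of finding strings for one raw RFC 5322 message.

    claimed_domain is the domain of the organisation the mail pretends to be
    from (hypothetical analyst input); hop_threshold is an assumed tuning value.
    """
    msg = message_from_string(raw_message)
    findings = []
    claimed = claimed_domain.lower()
    sdom = sender_domain(msg)
    if sdom and sdom != claimed and not sdom.endswith("." + claimed):
        findings.append(f"sender-domain-mismatch:{sdom}")
    hops = received_hops(msg)
    if hops > hop_threshold:
        findings.append(f"relay-hops:{hops}")
    for url in URL_RE.findall(body_text(msg)):
        host = url_host(url)
        path = url.split("?", 1)[0].lower()
        if path.endswith(LURE_EXTENSIONS):
            findings.append(f"lure-download:{url}")
        if host.rpartition(".")[2] in EMERDNS_TLDS:
            findings.append(f"emerdns-domain:{host}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL, "reviewsite.example"):
        print(finding)
```

Any one finding on its own is weak evidence; the combination of a mismatched sender domain, an unusually long relay chain and a link to a disk-image file is what makes the message worth pulling for analyst review, and a link to an EmerDNS zone is worth flagging regardless, since normal business mail rarely points there.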

Such variation in phishing methods within just a couple of weeks indicates that hackers are working hard to adapt their tactics to push BazarLoader.

For more informational content, subscribe to our weekly updates and stay tuned with updates from Sectrio.

Try our rich OT and IoT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence

Planning to upgrade your cybersecurity measures? Talk to our IoT and OT security experts here: Reach out to Sectrio.

Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center

Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defense tactics at close quarters.
