BazarLoader malware opens a new frontier in cyberspace

By Prayukth K V
March 17, 2022
BazarLoader malware opens a new frontier in cyberspace

While reports were coming in of hackers using company forms to trick employees to download a variant of BazarLoader malware, Sectrio’s research team has come across another method that hackers are using to push this malware.

What is BazarLoader?

It is a very stealthy and sophisticated malware that serves as the level one infector to drop multiple payloads. Since it serves to push for multiple malware payloads once installed, it is a much sought out malware among hackers. It is by design a highly resilient and complex malware that has been used extensively in multiple campaigns including those associated with Ryuk and Conti. 

BazarLoader utilizes the EmerDNS domain name and record system which is based on blockchain. This renders it safe from any form of censorship and modification from non-author entities. So, shutting the associated domains is a tough proposition.

Since the last few weeks, security teams have been discussing hackers using company forms to push infected links. WeTransfer, TransferNow, and in some instances even Dropbox links were being used to transfer a .ISO file with a .LNK shortcut and a masked DLL file after the hacker established a line of communication with the purported victim.

Sectrio’s researchers intercepted an email earlier today that claimed to be coming from a prominent software review site. A look at the email address revealed that it was from another domain altogether and was being pushed through many server loops to improve its authenticity. On clicking any link, the attack chain is activated with the download of an .ISO file with the shortcut and the masked DLL file.


Since this email was targeting a team that would usually be interested in such communication, this was likely a targeted attack through a spoofed ID.   

Such variation in phishing methods within just a couple of weeks indicates that hackers are working hard to improvise their tactics to push BazarLoader.

For more informational content, subscribe to our weekly updates and stay tuned with updates from Sectrio.

Try our rich OT and IoT-focused cyber threat intelligence feeds for free, here: IoT and OT Focused Cyber Threat Intelligence

Planning to upgrade your cybersecurity measures? Talk to our IoT and OT security experts here: Reach out to sectrio.

Visit our compliance center to advance your compliance measures to NIST and IEC standards: Compliance Center

2022 threat landscape assessment report
Get the latest copy of the OT and IoT threat landscape report
Improve your cybersecurity through OT and IoT focused threat intelligence feeds free for 15 days

Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

OT and IoT Security standards and Best Practices for CISO's
Download our CISO IoT and OT security handbook  

Key Points

Get the latest news and insights beamed directly to you


    Key Points

    Get the latest news and insights beamed directly to you


      BazarLoader malware opens a new frontier in cyberspace

      Read More

      Protecting your critical assets is only a few steps away

      Scroll to Top