Trickbot’s Sibling, Bazarbackdoor, is Hunting Down its Targets Vigorously

In the fast-paced world of cybersecurity, most malware get a brief period in the spotlight before falling into oblivion. However, this is not the case with TrickBot. Despite the takedown attempt last year, reports suggested that the creators made efforts to reinstate the demolished infrastructure to launch more campaigns. While this struggle continues, a backdoor malware called BazarBackdoor from the same operators has come to the foreground in the threat landscape.

BazarBackdoor gets a makeover

Researchers have observed a newer and stealthier version of BazarBackdoor being increasingly distributed through spam campaigns.
  • The malware is rewritten in Nim programming language to enhance its evasion capability.
  • This enables the threat actors to remotely access the computers while spreading laterally throughout a network.

Noteworthy attacks observed

  • The operators of BazarBackdoor, also known as BazaLoader, made an attempt to ruin this Valentine’s day by propagating the malware via a spear-phishing attack.
  • The emails pretended to confirm hefty orders from Ajour Lingerie and Rose World and ultimately luring recipients into downloading a malicious document.
  • In another spam campaign, Windows users were targeted by the backdoor to collect sensitive information, control the system via commands, and deliver malware.
  • A new and improved version of the malware that strikes a similarity with Conti ransomware was also spotted by researchers. The backdoor variant is distributed through a malicious Excel file.

Key takeaways

Given how many phishing emails are sent out with this backdoor attached to them, BazarBackdoor is a severe threat to corporate networks. It can install other malware on networks to leave a devastating impact. Therefore, businesses should keep an eye out for the malware and make sure that employees understand how to spot fake emails.

Cyware Publisher

Publisher

Cyware