BazarCall Malware

Posted: April 2, 2021

Cybercriminals are constantly exploring new strategies to deliver payloads to their victims. Often, corrupted email attachments are their preferred method of propagating a threatening file. However, a new piece of malware, identified as BazarCall, appears to use a very experimental strategy. While the victims are approached via an email message, it does not prompt them to download a file or attachment – instead, it asks them to call a phone number to cancel a service that they would otherwise have to pay money for. The phone number mentioned in the email is owned by the criminals behind the BazarCall Malware campaign, and they will ask the victim to download and fill out a 'cancellation form' to complete the process. However, the cancellation form is a macro-laced document, which will deploy the BazarCall Malware.

The strategy that BazarCall Malware's creators employ is very innovative, and it has not been abused by other cybercriminals so far. Recipients of the fraudulent email are told that they will be charged up to $89.99 for their subscription unless they cancel it immediately. The message does not impersonate a legitimate company and, instead, includes a fake company name, which is unlikely to show up on search engines.
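Because the lure described above carries no attachment, mail filtering has to key on the message text instead. The following is an added example, not code from the original page or from any vendor: a heuristic that flags mail combining a pending charge, cancellation wording and a phone call-to-action. The sample messages, regular expressions, signal names and threshold are constructed for illustration, and treating the absence of links as a signal is an assumption.

```python
import re
from email import message_from_string

# Constructed sample messages (not real campaign mail); all names and numbers are made up.
LURE = """From: billing@example.invalid
Subject: Your trial is ending
Content-Type: text/plain

Your subscription renews today and you will be charged $89.99.
To cancel, call our support team at +1 (555) 010-0199.
"""
BENIGN = """From: news@example.org
Subject: Monthly newsletter
Content-Type: text/plain

Read this month's articles at https://example.org/news
"""

PHONE = re.compile(r"(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
CHARGE = re.compile(r"[$€£]\s?\d+(?:\.\d{2})?")
CANCEL = re.compile(r"\b(cancel\w*|unsubscribe|subscription|renew\w*|trial)\b", re.I)
CALL = re.compile(r"\b(call|phone|dial)\b", re.I)
URL = re.compile(r"https?://", re.I)

def callback_phish_signals(raw):
    """Return the set of callback-phishing signals found in one raw email."""
    msg = message_from_string(raw)
    texts, has_attachment = [msg.get("Subject", "")], False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            texts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    text = "\n".join(texts)
    signals = set()
    if PHONE.search(text) and CALL.search(text):
        signals.add("call_to_action_phone")
    if CHARGE.search(text):
        signals.add("pending_charge")
    if CANCEL.search(text):
        signals.add("cancel_language")
    # Assumption: the lure relies on the phone call alone, so it has no file and no link.
    if not has_attachment and not URL.search(text):
        signals.add("no_attachment_or_link")
    return signals

def is_suspect(raw, threshold=4):
    """Flag only when all signals co-occur; any single one is common in benign mail."""
    return len(callback_phish_signals(raw)) >= threshold
```

A hit is a reason to quarantine or banner the message for review, not proof of compromise; the later macro-laced document is still a separate detection point on the endpoint.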

The BazarCall Malware is usually used to deliver additional malware to compromised devices. In the past, it has been used in combination with notable malware families like BazaarLoader, IcedID, TrickBot and others.

The strategies of cybercriminals are becoming very elaborate, and protecting yourself from their potential attacks can be very difficult unless you use the proper tools. Users can stay protected from the BazarCall Malware and the threatening documents linked to it by using a regularly updated anti-virus application.
