Level 78
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said.

And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain.

The BazarLoader downloader, written in C++, has the primary function of downloading and executing additional modules. BazarLoader was first observed in the wild last April – and since then researchers have observed at least six variants, “signaling active and continued development.”

It’s been recently seen being used as a staging malware for ransomware, particularly Ryuk.

“With a focus on targets in large enterprises, BazarLoader could potentially be used to mount a subsequent ransomware attack,” according to an advisory from Sophos, issued on Thursday.