The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said.
And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain.
The BazarLoader downloader, written in C++, has the primary function of downloading and executing additional modules. BazarLoader was first observed in the wild last April – and since then researchers have observed at least six variants, “signaling active and continued development.”
It’s been recently seen being used as a staging malware for ransomware, particularly Ryuk.
“With a focus on targets in large enterprises, BazarLoader could potentially be used to mount a subsequent ransomware attack,” according to an advisory from Sophos,
issued on Thursday.
threatpost.com
