silversurfer
The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware. [...]
In April 2020, we reported that the TrickBot gang had started to use a new BazarLoader/BazarBackdoor infection in phishing attacks.
In a new report, Advanced Intel security researchers explain that instead of burning victims with the highly-detected TrickBot trojan, threat actors now favor BazarBackdoor as their tool of choice for high-value enterprise targets.
"BazarBackdoor remains the covert malware relying upon minimal functionality while on the host producing high-value long-term infections due to its simplicity and external operation dependency to exploit more information later."
"In other words, the BazarBackdoor “blending-in” simplicity and obfuscation layer allows the payload to be a better choice for high-value targets," Kremez told BleepingComputer in a conversation about their report.