Microsoft says don't trust phony call centers and malicious Excel files


Level 50
Content Creator
Apr 24, 2016
What you need to know
  • Microsoft Security Intelligence has caught wind of a new ransomware attack strategy.
  • It involves fake call centers and malicious Excel files.
  • The campaign is dubbed "BazaCall."
There's a ransomware campaign going on called BazaCall. It's been circulating for months, but Microsoft Security Intelligence is now publicizing its major points on Twitter with screenshots to help inform the average person of how to stay safe (via ZDNet).

Here's how BazaCall works. First, you'll receive an email saying a subscription service of yours is up for renewal, and you'll be invited to call a phone number to cancel if you wish.

When you call, you'll be told to go to a website and download an Excel file. That file contains the macro that gets the payload onto your machine, crippling you with ransomware.

It sounds like a dumb plot on paper, but in reality, decently written emails and full-on fake call centers can present the appearance of a legitimate operation to the gullible, uninformed, or inattentive. As Microsoft mentions in its tweet thread discussing BazaCall, the threat is made even more complex by the fact that there's nothing overtly malicious in the emails themselves, making danger harder to detect.

The name BazaCall stems from the malware the campaign distributed in the beginning: BazaLoader. Though it's been kicking around for a bit, it seems the efforts to spread ransomware are amping up as people get wise to classic tricks.

Today we're dealing with harmless emails, con-job call centers, and dangerous Excel files. What happens tomorrow? Do fraudsters legally register and operate entirely legitimate businesses solely to have addresses and phone numbers for swindles on the side? Aside from the fact that that already happens, the point is that ransomware may seem like a foreign concern at the moment, but be ready: Cybercriminals are working overtime to drag you into their net, no matter how elaborate of a scheme such a victory requires.


Level 74
Content Creator
Malware Hunter
Aug 17, 2014

Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers​

An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems.

The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are sent email messages informing them of a forthcoming subscription charge unless they call a specific phone number.

By tricking the recipients into calling the number, the unsuspecting victims are connected with actual human operators at the fraudulent call centers, who then provide them with instructions to download the BazaLoader malware.

"Attacks emanating from the BazaCall threat could move quickly within a network, conduct extensive data exfiltration and credential theft, and distribute ransomware within 48 hours of the initial compromise," Microsoft 365 Defender Threat Intelligence Team said in a report published Thursday.