"New BazarBackdoor Attack Discovered"
Security researchers at SophosLabs discovered a new cyberattack involving a malware family known as both BazarBackdoor and BazarLoader. In the attack, adversaries use socially engineered emails to scare their targets into opening an attachment and clicking on a malicious link. Malware is then delivered to the victim through a fairly novel mechanism: the abuse of the appxbundle format used by the Windows 10 app installer. In the email, the adversaries impersonate a company manager and address the victim by name. Using an abrupt and threatening style, the attackers tell the victim that a complaint has been filed against them and demand to know why this information wasn’t sent to the manager. The researchers stated that the messages themselves were very short, but they were crafted with an understanding of the human psychology behind the adrenaline-rush of fear and had been personalized with both the name of the recipient and the targeted organization in both the subject line and the body. The recipient is urged to click through to a website where the complaint has seemingly been posted for them to review. This link, if clicked, will eventually lead the user to the malware. The researchers stated that the malware used in this attack steals profiling data, such as the amount of RAM and CPU power that each infected device has. The malware used in the attack also includes a function to download and install more malware.