Microsoft Security Intelligence Tracks New BazaCall Malware Campaign

Officials from Microsoft Security Intelligence said in a Twitter thread that they are tracking an active BazaCall malware campaign that leads to ransomware deployment. 

The BazaCall campaign sends out emails instructing recipients to call a phone number to cancel a fake service membership. When victims dial the number, they are connected to a bogus call center run by the attackers, who instruct them to go to a website and download an Excel file to terminate the subscription. The payload is downloaded using a malicious macro in this file.

Microsoft identified attackers using Cobalt Strike in this attack and reports that they stole credentials — including the Active Directory database — and used rclone to exfiltrate data.

To read more: Dark Reading
